formbook

General

Target

JaffaCakes118_760adfe71eca49aee662da8e37aa6b5fb7284c539b80362e744ad532d741f7de
Size

635KB
Sample

241229-pmesvs1pft
MD5

a7ed5957642dc0a7d267407478748fb9
SHA1

dc37d636f677296a9e583709095a3f6f7587ad56
SHA256

760adfe71eca49aee662da8e37aa6b5fb7284c539b80362e744ad532d741f7de
SHA512

5133f16189ba705182a3e06117ff0c5b0a0cfd0d4668a9a17abb288a851d0cd30151464af99af1fd9dec2bfdddd07910fc86a0e643fb74dd3ead76e898a054d8
SSDEEP

12288:HtrXVycDLStx0UCGotunz4M1ox4TCUwDX6Kupnvu7J1skhuwzZ2nS:VlyIcyud9OX6tnvv7wVl

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

4kx

Decoy

eufood.info

theprotestmatters.com

khauchakhajina.com

008usa-xxf.com

backriverroadsportsplex.com

shopalndrinks.com

necght.xyz

summaryborrow.info

mys518.com

shopapemodeapparel.com

christineroseartiste.com

rsw2226.com

ashes-of-creation.com

shamilalyadin.com

learning-synergy.com

sendstats.net

waverdemo.tech

dubestol.com

bolterbunny.com

beerciderrebattes.com

Targets

- Target
  
  aac1b750d1fe48b308bc639f3b5a9d00a73af68eeac76e607162c5ab55f40e23
- Size
  
  818KB
- MD5
  
  c8d7f9160e60b1db486561b007ab7621
- SHA1
  
  f08ec106fe47072ae29521d72659f35be0f4fc4d
- SHA256
  
  aac1b750d1fe48b308bc639f3b5a9d00a73af68eeac76e607162c5ab55f40e23
- SHA512
  
  20f1d4759084073e152c8999a6f6ea7c084ddd1e69125bd17520828f0cfbbfca8d600e5d3c2f7da8b209e32a34c518b0fbb5b22aa51d742306e93655131a991a
- SSDEEP
  
  12288:+yGJvquwaHpIhB0IXXGSfaPDZNxFYmUaRpVz9ooM+mpcN2eYWr9d2OAiuH:oquPHpjyXPfaNNxTbRpVzSYmyN2eYEy
Score

10^/10

formbook 4kx discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2