formbook

General

Target

JaffaCakes118_ef8889bc09b9944478bf8d6ef9b8f8bd0e4f4060c928c9d61a10af991e3a32fe
Size

647KB
Sample

241229-qan2faskex
MD5

8efb50679e7fb64b6b4365dff389c186
SHA1

6099f690a49a311eddca54ca2f4b3380486e6e95
SHA256

ef8889bc09b9944478bf8d6ef9b8f8bd0e4f4060c928c9d61a10af991e3a32fe
SHA512

0f99ee4b1050cb6416a680b7409347f1c236830620959c863b24ce71882be7b19bb6783e4f7e8d3223d7245b50fc639a40bc74f2bdc4a85ed4a47b8585e61a71
SSDEEP

12288:tQ1A46c9Q2mEjprwsnbWZRge2Om2k0UR+mPjNUh/BwRyC:AucmEjpr/n6TgKVObi5BdC

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

fwmz

Decoy

EVMoY7Gw+zpNcMLX

eXADD4RePMOo+0RvOxjO/Q==

HUAzaMufWaVUl6RcbC0gPiu7EQ==

2M3iedmKTSWi8D5pOxjO/Q==

heFzVamRKfl1dwTLbA==

fxyeUGblrhj0MlLfOxjO/Q==

6jEARb17RJQKRJHIYB3LD/+9

3htk8zHUxezkKDA=

Sj1Hu/6kYE4HhsMxSAA=

Zq8IzvjIWeB4+w==

eYiQ3SG7qOzkKDA=

PZMa7lsB2+zkKDA=

aXEH9k8N1q1jdwTLbA==

7BdtDGwYBNOP0i4Bkj7+CPXsCUv6

DPnyLItdG2EPaIItUfICLLc4zvkWHA==

FyEvlOiOVMK3GHUpuVYJaUYbG3M=

MjnCgM52NPlJkaBLbxzLD/+9

1cXQN5JaL3gcY6Z5j1AYg0YbG3M=

39ReTLB4YOVaoSfqmhc=

oP/Fwf+hYLx8ftOlwlU6Iy6zAIHTFA==

Targets

- Target
  
  5e15c8defcd19717e92050ad1918f6e33382c6b600d0f19662036a2ece9f1153
- Size
  
  1.1MB
- MD5
  
  3a2dac5ed50f9bdc48174ccadc1c9c14
- SHA1
  
  6c2fd41b108989a39a78f19d74777b38bbe597b5
- SHA256
  
  5e15c8defcd19717e92050ad1918f6e33382c6b600d0f19662036a2ece9f1153
- SHA512
  
  0bc298a252d7354edee351073afbee4de6819a3aacf0e21d579d1c0c46a142cb4598f3b41edb1134ce6fd21acba6eec74ccced3e568c282573ebd93910067e2e
- SSDEEP
  
  12288:XG2iNBd/xvwMDpEN8PgUruKQl3UINjwB7BbuUzvNePgrNW2:W1Z/Bp86gtKQl/s7gevNePgr7
Score

10^/10

formbook fwmz discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2