formbook

General

Target

JaffaCakes118_c9c59fa60cf5a7f25c540b5bbfabe5b0f7fe69e45e3fb45c9de6fef1b9223f53
Size

356KB
Sample

241229-qgljwssmbk
MD5

739aa365ed71c16279bceb24a5cde297
SHA1

750339facdbca4c93a2eeb8f6afcce340425c4b1
SHA256

c9c59fa60cf5a7f25c540b5bbfabe5b0f7fe69e45e3fb45c9de6fef1b9223f53
SHA512

ca481eb4835cc69af6865636050d83d90ce785c07000f044ec2e0adccf26e713bc07c36369d4a5391ae7b86cbd97949136b8f1e56f6daaf0680690f5574bd1f4
SSDEEP

6144:mU2TT3OHG9ms2KiGH6k6vFv3CIfbEUfcBgLUVUOaA4t3jzeWnzDB6R5yk7NoB:iTTxgKGk6vFvygiYWUOa3Zv/B6iMNoB

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tba

Decoy

dzmcos.com

northlandautocenterfargo.com

today2check.com

izoozstudios.com

happyhodgkins.com

allzoy.com

805isaac.com

247likeaboss.com

guxsdesign.com

olenfex.com

roadsignsaroundtheworld.com

bleedingedgealpha.com

aladdinperu.com

skip2-kansd.com

todpod.club

theslicee.com

hbhnfs.com

jkrso.com

presgram.com

vedmaths.com

Targets

- Target
  
  New Order Euro 670_800.bin
- Size
  
  463KB
- MD5
  
  28c8a3160002ac3904c02223b233ea68
- SHA1
  
  da19cb48abb5b6b92645dad30cb104c63af911cf
- SHA256
  
  f18c7bb0454724b1aba7a0dacdf3d2098202e717e17dfeac90600bb44ffd4c20
- SHA512
  
  d97d0061ea6be493f13d2d245c6d58e3756a7d54d6ee357a7eff83759221eff63c61ec523b081cdb6a0072aeba17d60e87de873fe6f698f2563879797f42707f
- SSDEEP
  
  12288:fSJFFWr/beO5wYd/y1oIJ48WcCTXgmJkUz:KJFFUgs1IiXTQmeUz
Score

10^/10

formbook tba discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  d753362649aecd60ff434adf171a4e7f
- SHA1
  
  3b752ad064e06e21822c8958ae22e9a6bb8cf3d0
- SHA256
  
  8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586
- SHA512
  
  41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d
- SSDEEP
  
  192:3Gs+dH4+oQOTgDbzuNfrigyULWsXXZF/01JJijnK72dwF7dBEnbok:3GvdH4qMebzPY2Vijn+BEnbo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/jk2l8e.dll
- Size
  
  192KB
- MD5
  
  b8f29f375c72c72726a9e6fe2c248bab
- SHA1
  
  5e26da3c3611d123e3411e13b6922fd91093198d
- SHA256
  
  9a9393c13b7acaa49425ea582746c4ce3ac1344dea406729a3929a6c77c56929
- SHA512
  
  366b276d7810fd1652b6d1e1dc1bb73dd24be4a8cb668f91c1d77d7891cb1eedf0ca2bab5ffae3f51ddc895e1ea52ef06fc03de539deecf21b2a421f6a9e9d73
- SSDEEP
  
  3072:L1UTRSZGMM9jNWI/+xHxoc1AvbDGmxOJydH1ftnYZm0Hbk/b9Sia+i57AO0Ukxa1:RUUGMMxNWI/yRrAvbAydH1ftnYJbkjsp
Score

10^/10

formbook tba discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6