formbook

General

Target

JaffaCakes118_76de342da3c560312b0c1159b640949e342f994805ff962c2f95c73054913307
Size

310KB
Sample

241229-qwepwsspcj
MD5

12b4eba170aa110c83488672898dc4a5
SHA1

19d31e1fe81a4ef7dc074712a0bc15cac240cfa7
SHA256

76de342da3c560312b0c1159b640949e342f994805ff962c2f95c73054913307
SHA512

6cb5589b0c30590867182dc4ea7236f70116cea30d5117340407888b4dabd8d3490d0ce9351b03ad95a8b8ab7422d194d3bb2e2c5c803c871ca8737614258fcc
SSDEEP

6144:e7YDDqz7nvYuUnnBqqbSjUyVNIiiRm4Vv6xPtBX/yshX2B+Ugd1GzP:e7YDDqz7n8dGjjKoGv61td/yymB+HgzP

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s09m

Decoy

briteidea.solutions

laureloil.store

mappr.info

mrcostavendasonline.com

armystart.com

fsztlj.com

crowd-bonus.online

intrinsicvalueventures.com

orbworld.com

implant-dentclinic.store

zibbaceramic.com

sellingmygold.com

careercoachservices.com

onlinecrosslink.com

besremiop.store

clickybuzz.com

metaversogrowth.com

pinoaflower.com

privilegedpeach.com

whxzf.com

Targets

- Target
  
  IRQ2207799_pdf.bin
- Size
  
  467KB
- MD5
  
  17a1bd2f314821d2554ff4f486bc763c
- SHA1
  
  34b75fa0336143dba8fc2cee895dbd0ffc5914ab
- SHA256
  
  d3173c18c350a7fa99867f3ef7c9bf5375a4e1ca7f5706c60d883cb17322491f
- SHA512
  
  d05cb5d8d192f78a721f4612830c186a08109c25ed0e6b26d94fee57b22575cd681e0a587ed5fac51a74ba5b670c297e5c880f713a2a138fcbdd58325e5ac1a9
- SSDEEP
  
  6144:uGi8Y9MXn1x7YZkDHY0Hi42gcmAdX2SdxWQQCJkVDOuiAQ/40aW5:4MX1x7YZkDHY0Hqm4gzC2Ou0aW5
Score

10^/10

formbook s09m discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  ecflmkakn.exe
- Size
  
  114KB
- MD5
  
  335f3448a8233ac59e61717a13dc5d9f
- SHA1
  
  e9ac4829c76470a6ea0b875d32d000c91a771354
- SHA256
  
  c0dec7d411b133eafdd7255c42cc81cd3b2febbee245ad61e40edc2408bddfa7
- SHA512
  
  f51f664b2ef1d94994473b659d106a95edb67bf4005a21faac30f364ce721921ae7fe79a704aee984cd6f812c0ab588be6e3ed3c9ba9de6daa260c7eab834815
- SSDEEP
  
  3072:128njJvoy4CBdK/v+rm2LM+bGqEc1oQAoo7tB5cgh:g8njCJCBdKH+r2qEUoQ2
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4