formbook

General

Target

JaffaCakes118_60e3ebeb0d350be55991be238d65e914655754e4e05024ebe02774c70a83d800
Size

339KB
Sample

241230-22tlsawjg1
MD5

52dfc519e0859a72a738a56c6271f393
SHA1

5023ea6ba0112932b0037265c03d59bd32e80f68
SHA256

60e3ebeb0d350be55991be238d65e914655754e4e05024ebe02774c70a83d800
SHA512

b170bfa6c55ee924ccd157cfef9adadd1f41361a7cb989b03a6b9cba4236167c87008f39f0c8bd73559064dd0ad9675019532f161b6a4766c307945d331583df
SSDEEP

6144:zr3vnM8lOm7kkleLF3u16x0POjSgih1tyUpCvqgXhS2R8vbuW7RgGSE:zrUogF372P8ih1tyUdg16vSWFH

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

- Target
  
  Commander une image.exe
- Size
  
  419KB
- MD5
  
  f5a09e2bec2448ffe0f1121af91411ab
- SHA1
  
  b81e12b89a1d72c90bfe6b5fe95b4b053e0207e6
- SHA256
  
  90bbdf4e97b2f992340311300e29ce5dd0e8112c6dc681e3354855097eb83ad2
- SHA512
  
  927216a2a0e9bc9141a0e9d32164b5e85708902fa8d22fe328d4ccecaf7f5bc562c875c330e3fedab8e8ee40d4612bd2d1ad57df2daeb83c0d856ed8bbefbfb4
- SSDEEP
  
  6144:yGid26cy+QMFCjTOkpNEVMDGFYSM7QABzKNKVQ7i4iOE1u9fUy+z4Cz5qyj:ZzyuCnjDWMxZ7QUup5iO+u9X+z42ME
Score

10^/10

formbook dn7r discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/xkaja.dll
- Size
  
  34KB
- MD5
  
  e5ff8d9cb45aeff5b05a5a1e54336585
- SHA1
  
  a2d037bd24fc22f65ab3816ed135f301bd96f051
- SHA256
  
  54df2592ba748fedb122fc6c4c18172bec40568fc057b1832cdadc808ce22dcc
- SHA512
  
  e2a0aa236957ca5823bcc9f091a263970621715f85f89bfb78adc5333cafe912db1e51bf00e8e592f08089e91cfe62a71070745f5ed131c1c0c025211c667582
- SSDEEP
  
  768:LIF+gXlS8F3QmLWUL3CwTm57emto2Oslp:LBgXJgmLWaFOemrOy
Score

10^/10

formbook dn7r discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4