formbook

General

Target

JaffaCakes118_b9f16530d1b7ced70644d5677a1209e45d1c2ba79082f95884c820afa07d48f5
Size

612KB
Sample

241230-2jgt9ssjgr
MD5

58367466bc3e2d9ca54d1eb5dc0af7be
SHA1

173941714288f536b22b71111c9a4325da711b1a
SHA256

b9f16530d1b7ced70644d5677a1209e45d1c2ba79082f95884c820afa07d48f5
SHA512

477823bd6dafbd731310fa18c60534612acf4b9856e04bab065fb6f7a253254da76547265aa827a23bf1f8812c41bde1b5e7d21a085943a8c8e8c0759786052a
SSDEEP

12288:9m9xQfKs63+b62Hu1R/pec9S5LFh1E3ss4H7B14wPmKPJEHJw6HPa/Hj:kkfKs6uYc8GW3tEB1EKxs9HQ

Score

10^/10

Malware Config

Extracted

Family

formbook

Campaign

g44n

Decoy

t60gB4YRvsDLttd9HG4=

xck8G7COQ+g7VIpX

BQQF3mmpLPskhQ==

eLWwmzNyK6ee+nF1jDvvkxuSGA==

3tlgNOzw8BBjpNOQMnc=

nOpNEJhoU0h+00S9E1YfgA==

xcvTpljkjIyEdvhp+VcGFtJC

bZxOHr5CtzY4

rOD304X0u1DN/m7cbA==

Knixl0HJyEOOiNckwk8GFtJC

S4JMDRNTUAol

Vp9wSwNZSfY7VIpX

0Nf/zlrpmpahnM+tpkYGFtJC

joXsuHiBcVp88DHEHMA7

yN8i9ppoZYHSSaqqk6NZnQ==

4UFEMfyKhSB4UovzjdabqolwhFtMH1M=

d3RiRcXCeR8wlgjEHMA7

eMUS8PSBPCe2rPg=

LCsR0X328UuSAmlf

/keifSXopayqjLt1EWQ=

Targets

- Target
  
  be295268162c4bde1f31e9413a87f903a419bf743cdbee69db925162c21b7d78
- Size
  
  775KB
- MD5
  
  94c1e957b1e28c57ef9ce07ccc914a32
- SHA1
  
  1aeec2fa9616e7751c83e788faa3e8af83ba059c
- SHA256
  
  be295268162c4bde1f31e9413a87f903a419bf743cdbee69db925162c21b7d78
- SHA512
  
  7cad46367a0e2fb7a3261804d283e6d33f2a45b60b10a4c16562bd1b1a29f894b2ef65fad3d355fedbd590042c5202713518cb46496655c305231083d8caa6a8
- SSDEEP
  
  12288:B2iN3M/CcdMo5E72KRgm9nnmzbjkcgIvr39oo3F5/W+:B1CaN72KRgmRmjkU3io3F93
Score

10^/10

formbook g44n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2