formbook

General

Target

JaffaCakes118_954b75a2c0fb7a8350307cfbc283e65ab46c000ad652236a1d5d5a9f9af950b5
Size

677KB
Sample

241230-b2ff2stmfm
MD5

84e521846bad031000476000e626a29e
SHA1

170653dbaada2aad0bd5ff22327e9731e375b10a
SHA256

954b75a2c0fb7a8350307cfbc283e65ab46c000ad652236a1d5d5a9f9af950b5
SHA512

16c09b8b4973c09bd8f3444d4341cc6544266ba092877e12452db9f27492b4a271c40cc2d7cbdb2a54592ba5b59ba128d0c90807880650b10b69c9854cebe364
SSDEEP

12288:QypiZF/GdV7Ba66tLFlKmjuWlRsgZw57NvSRxll4b/9+Sik7H4fQ2yrq8El8ykp+:QzLM7Ba6+LK85sgZwNNKX41sfQ2yNjV+

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wk31

Decoy

soroban.xyz

irfirstaid.com

irsaycollection.com

thebardownstairsasheville.com

facebookmeta.business

paypalsupportclient.com

metaversusfacebook.com

litakparuikamazon.com

rivianmotorcompany.com

metaversepro.us

ikramfamilypractice.com

bitcoinfuturesetfs.online

5donline.com

rosemount.us

nicole-steinfort.com

performanceautorepairsj.com

scrabblecheats.us

kjg67amazon.com

formerlyknownasfacebook.com

youtubeandgooglepay.online

Targets

- Target
  
  Estimates (Korea Zinc Co., Ltd. Onsan Refinery) 275-016.exe
- Size
  
  841KB
- MD5
  
  42d33f1103e99970b5a2bd66cc7abacf
- SHA1
  
  18b40de46605a148bd005f07f1396ea4be30f962
- SHA256
  
  898019809aff31148304abc19ab0514838d5ed4ae75318fe8865b4e5b139d52f
- SHA512
  
  471ef7e285ae5bb0db67e6722dde3877180d980f1cef271bf81e8c1f8c3fbd26ffa435eb04b0ef14ae6898ac26ed8b235eb9b203947aa4020955e5989e22fbbc
- SSDEEP
  
  12288:Duup9hCcfZ/2Yp45XWCPrpLlafo3arpcYVx1Izq+lG/hS2zG9+aw9cNq0p2W:qrk/2Yp4JWKmhpcewu+lghjZqN
Score

10^/10

formbook wk31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2