formbook

General

Target

JaffaCakes118_ab5eaba420eece3d4db60eadc4c2b198933a547479ce84a5903c9c9b0a025543
Size

689KB
Sample

241230-bkgyjsspcy
MD5

c0307b4e79e71a2e416c821d82070e47
SHA1

b961fde6684890c016806ec4ea73d3aeb1dff9d0
SHA256

ab5eaba420eece3d4db60eadc4c2b198933a547479ce84a5903c9c9b0a025543
SHA512

8a001125407b1404f441f76f2757cb31e83a2e740a1940ccfcd8f6f98291197687a6202dffb41bb315019297e09fb049dad5777eba6bc631b67590f0fe8bf5d4
SSDEEP

12288:AnUd227e1unaWm/aVtsIuWDpHK6mft22YjsleU8X+WH/ZlrKFI/5iO8AVbou3XmD:AnUI2ysoytPxHEYjUS+wKFIb7nmDcw

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ko29

Decoy

citusdig.site

ecomrise.store

aringtonortho.com

plan-indonesia.com

retreat-to-the-alps.com

themerchperch.biz

freshfashiondesign.com

zachmizrachi.com

machomancoin.site

racunhariini.com

13378888.com

landofnd.com

techactive.digital

yourdebttips.com

www147171.com

xraino.top

willshouseofhorrors.com

redfiree.com

cyanband.com

srbs35.com

Targets

- Target
  
  DHL Invoice Notification_pdf.exe
- Size
  
  942KB
- MD5
  
  80e47f3442ed4e19c8660dbdf9033e11
- SHA1
  
  928b5e116468baeecba928ddbc1de8011121b129
- SHA256
  
  6bf26b1eb1db8cdd96264df57faaed3eca70f6c01b592324e4b7939b0818e180
- SHA512
  
  ba0107f896b6bd9518e5c1b85b191b19efb5722b842babff3937800bb9d404d0d4910bd2474459af38c9065d4ad8123a7582db8e1eec537f5e67122c31c94634
- SSDEEP
  
  12288:KhLuyAHQYVo02R34K49um4VV3eI+MOC6DyP3sy5l2qWR87sewhIesI:KhLuyy7VF2R5w5WKDYj2qWRuvwhl
Score

10^/10

formbook ko29 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2