formbook

General

Target

JaffaCakes118_9d4bfc8d1d35b095e4989c7a6a9a5eae41521eb64c751f9f13cff76ec0bcf1eb
Size

418KB
Sample

241230-bthlfatkfp
MD5

2d04a5c36ef124c4ec550de866c27d8b
SHA1

3446dff89dcb67133eea117b6f5fdce60a77a590
SHA256

9d4bfc8d1d35b095e4989c7a6a9a5eae41521eb64c751f9f13cff76ec0bcf1eb
SHA512

e63817ec810c6aad29fb92be043553d3b5a19f62536aaf74b947ea2f3cdf4bcbe885bb025ddecd9a411ea4034caf99d4e0500fab45d771a0cc8b5ab13c60f8f7
SSDEEP

6144:syrGKXtASDELL51CbBtuuVTQEYMG7n90GGwhGmXnjYgI3FvNlnYIyeUEDnjv6DfJ:sCGAm0Yu7e9AmjYPvnQeU6nr6no8k6aK

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n62s

Decoy

renabic.com

thesanaservice.xyz

lifemadegood.com

lovedowlin.com

dobro46.online

birotoafyon.com

haztol.xyz

917mainstreet.com

letshelpourselves.website

mysticalbloodmoon.com

legallyblondeattorney.com

metagoldenstate.com

ylhsklzjs.com

thejupitercraft.com

josephineclaimhelp.com

flowstorellc.com

eyeofthegate.com

asahi1500.com

ochumare.com

hieslerpark.com

Targets

- Target
  
  INCENTIVE.exe
- Size
  
  435KB
- MD5
  
  a8dd9be8f05730b0b3da0aa0524d4041
- SHA1
  
  585ce6f6c047ae07daf2754cdd9f011f8bb8343b
- SHA256
  
  d30c25033a8cd080bc76463ad1ef591f61b66b5bf36aae6557d9664714908614
- SHA512
  
  7a584d294a8702f03ee91f6047c08a9e1ed56742f1a1d19ff9a99778ea5b1270b44d67cf0450fd5e98b75df7d47208e6259efec3c486dfe39e1d5ccd62713dc1
- SSDEEP
  
  12288:UbLr/1vBE8A8gJ+7rWMtE2bbOu8Nsw+Qw7n/C8c:UTNRWw77tE23Ol+n/C8c
Score

10^/10

formbook n62s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/wslelgm.dll
- Size
  
  303KB
- MD5
  
  7c38758347c69368b8bdff2f7a5ba99c
- SHA1
  
  70c318991c2515844ecc96714f5ad777d2e7e6a7
- SHA256
  
  fcb8bd3b27beffa5255fbc8b485b038b321043eecd77fc21cf4798446c21a971
- SHA512
  
  5d04876c8b1dd9a2d691d832471ad650ac85b95503c02aacde848f3b4f6f9f99c861b5a5f8e3e401145e6bbd78f59b8dddc8f24207a52d57afa3efe8940ecdac
- SSDEEP
  
  6144:w7avUpJXmVeuuxx2eiXm1C2kNWfHZKKzeXxNAYlkhAV4D:SpJ2Auu72eGEC2FvZK4UbdOhbD
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4