formbook

General

Target

JaffaCakes118_eadea737742084d7776c7a6fa0ff4dd6dd3cfe7459fc7e4fbe87b5c2c18c39f6
Size

400KB
Sample

241230-c9qgnavrhl
MD5

331e3a11031b1d7fbde42daec62e1266
SHA1

4a900fc75b843db98dfddade6bad461f26caba96
SHA256

eadea737742084d7776c7a6fa0ff4dd6dd3cfe7459fc7e4fbe87b5c2c18c39f6
SHA512

741a370140d425c77ec9e0f731d06e001445d79683e9f9df9b6887de7443d871ef60417eca45f016e14ab7677bdc46b8f9c3536c29ed9b77266d9330039def14
SSDEEP

6144:cArb9+osxxoUZdYQ1/X2akzSBCvwgJKL/KEOPvvZD4Beqcr6SA0BcL2neAja8g4h:cArbEosdERi2EWvZD4BZcuSt7eAjdgU

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wk31

Decoy

soroban.xyz

irfirstaid.com

irsaycollection.com

thebardownstairsasheville.com

facebookmeta.business

paypalsupportclient.com

metaversusfacebook.com

litakparuikamazon.com

rivianmotorcompany.com

metaversepro.us

ikramfamilypractice.com

bitcoinfuturesetfs.online

5donline.com

rosemount.us

nicole-steinfort.com

performanceautorepairsj.com

scrabblecheats.us

kjg67amazon.com

formerlyknownasfacebook.com

youtubeandgooglepay.online

Targets

- Target
  
  Items for new project-6109.exe
- Size
  
  519KB
- MD5
  
  7b2b82719683d8edaf37ec6bd895976f
- SHA1
  
  bda795d0e7993179ab7606142ea445d9d73872e9
- SHA256
  
  f500da8f49bd849bb4f6aa7644458bc0473a47e8ce91a09df137906b429e2ee8
- SHA512
  
  79b9eea7f65ff9a0410842d1b09a5dd550c8573044d016adb1539f646b86c7212b436133f0b991f0e72c7b14a0f8b08f7df64dd938359953270979955e6625ba
- SSDEEP
  
  12288:LCZhz3tD005nQeOEPEbEiX4FuQWout8FVNLpA:LCZhjC0I2DJUQjFVN
Score

10^/10

formbook wk31 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2