formbook

General

Target

JaffaCakes118_039a772d1406c7ad7518515834bce307d39517eab581e8e829a11dd4f8a0de0d
Size

242KB
Sample

241230-d65ylsxjev
MD5

1e2ed277f6762a11dd6b05ac588c8a23
SHA1

88aa3bb71de219e3a66bab3b383e1cc2d4c711db
SHA256

039a772d1406c7ad7518515834bce307d39517eab581e8e829a11dd4f8a0de0d
SHA512

7bdcd2aed94a42e5181497989489eba3b18b412f55133452fc69522ca6ca5a8246d7d684e1fadc9e834dbcc11017e579c46e8ed8d846f0451bfe9249db43c7ee
SSDEEP

6144:pBekuJwQlR3AhA2esigd+WHWQ1IBP23d0QTdE:jzuJxlZAhUggWa23d0wdE

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a2d5

Decoy

theplam.com

kfmlegal.com

labottega.xyz

hhhtshg.com

kamerabudi.site

advancedsportz.com

hyperactive.life

mintyjazz.com

ashhpega.xyz

jbo.mobi

longthienvn.com

edwanflorist.com

sonyahfond.com

thezebraeffect.com

techgadgetssolutions.online

sekshikayeara.com

tavrida.xyz

vesulyo.xyz

pomegranatenoir.com

kaapcabins.com

Targets

- Target
  
  SKM_C224e2104221317034443434434342244347.exe
- Size
  
  254KB
- MD5
  
  b312e3f54db0e9ba83b2a454b5de4bf1
- SHA1
  
  d5e9f1c71b6fc9b30c61a7267a4b5b032a611c9f
- SHA256
  
  6a06e74bde0a136b6d9b96b6093e1fc6d09f78adb6b167adcf82106356de3388
- SHA512
  
  5155e3aa8bd6a5c405bfbe92c66ad6e616b6e3c8c07d7ec5a54e09c247f8c3e514696e4104a71903f5f22f38085c68529f1df6eae46cc1edeb89725b76423e8e
- SSDEEP
  
  6144:wBlL/chrXUIY+prolgrBh6tikiWFNXiWX8+:Ceh2+prOsz6ckZzSWX8+
Score

10^/10

formbook a2d5 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/pesaakdq.dll
- Size
  
  33KB
- MD5
  
  184b758268965aca6018f69dfe7d18d3
- SHA1
  
  3a25a53a14f5639ff368a33e8ec8a806d059c7eb
- SHA256
  
  a8d25a38820df99aa1b1be9dce4a30a99ec01c11287fe75cbdf02f8120e4935d
- SHA512
  
  aca7cee419ed6bd1bfe30f25d1cd59f8a5e98c88ba1c786e3f9b5814fd316d26d7e013ab6b85a475dddd598756ee4f3fea8027dbb693d54f6fd09e094cb65e85
- SSDEEP
  
  768:rLUr9syb+VROVYKXdbc3X4FCSzKFPXtFfHAmfA3CmauJJ9t6FezTiKFH1Y5F:rLEs8pA6gA3Dnn6szTiKFH1mF
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4