formbook

General

Target

JaffaCakes118_b552a8e29b645cd0c215d1421e6fd876056fc4acac2f8a5c4b6b895938a1112d
Size

375KB
Sample

241230-dr4r1awpcp
MD5

e1cfe8cc6b4cfa41a961a17b1b5b8366
SHA1

2cf0ac4d9b9ac5353375bb5a0c6ad4345b57b76d
SHA256

b552a8e29b645cd0c215d1421e6fd876056fc4acac2f8a5c4b6b895938a1112d
SHA512

36c77157020a823bdcc4911ddb425a61e0c785547be7b87682713b47b679935d7fa377b386e421d3d3ef3f8cb0caa81b4711d7304483c6ab8bab2b8e55bab9d8
SSDEEP

6144:P2kow/mhbWrfou2IP4YtAO1DY9AroRd+UAKWOtCvVO1DYOjTct6CujunOdkSEJmw:P2YOhbYou2IPzRbreftkVsYOjTTLunOo

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

v82

Decoy

fasonplastikenjeksiyon.com

yallamama.com

konsico.net

rahalahrgypt.com

bamboopages.com

rossdailey.com

bqgjgj.space

libertystalehouse.com

ondiscoverybox.net

karinheeling.com

spankmouth.com

yehbro.com

constmotion.com

propertysrv.net

smart-aligner.com

ibuybeerhandles.com

vertelog.com

xn--299ayyg42f.com

lordogtelluride.com

teslaglobalservices.com

Targets

- Target
  
  September Order 013.bin
- Size
  
  457KB
- MD5
  
  7f8cb6b9584e368e23bb6196b9339d4b
- SHA1
  
  8a9a15a6918831cda768a458c416ba5f7b4b048a
- SHA256
  
  6259281a42f5498a686ace4bbe4be976725cbd39d6b0e14725e3d068944e5352
- SHA512
  
  e5caf85e11c2b1e0683c749dc19a01a6ff75110871452c3bfd4dd5666d5271e52f3d0bdb7367db8234b9fb50519b4b13371347208180057d05e4f0933bc54ddf
- SSDEEP
  
  12288:GU/un/eEda46PPLrNt91PnGVj7pHqPmS1OfaF1:G8PNL1PG1pEmdC
Score

10^/10

formbook v82 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2