formbook

General

Target

JaffaCakes118_81b6eb47d0ce09b5fa5b7a6d6e16cdf15de3f58242f7910d1295054473064479
Size

750KB
Sample

241230-gbs74szmfk
MD5

6140ac40fde81c7cac36bb6d5e14debb
SHA1

969211c51538363061b74e9059a1c3ab6469b003
SHA256

81b6eb47d0ce09b5fa5b7a6d6e16cdf15de3f58242f7910d1295054473064479
SHA512

d32fc1d56ee25aa025e22bdbd67d019e55ed8ceab809f3e6050b31b8fd178f30d0c0d917211db29288438eabde986395212f247b10752bd12fe418a5fb46aa1b
SSDEEP

12288:bnJvloaNh9Aq8XwFFyUoYfXWQowDEwUXQTPoSrRAhMBkdl8bB8g8mC8d+T8J8TiY:bnBzNvFEUQQo8EwsQTwSOhMBkdi98g+F

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

j02y

Decoy

toplinkstorage.app

danny-mickey.space

0755aite.net

okchurch.info

4tlracing.com

jacksoncafepaola.com

552northvictoria.com

eevakoskela.info

tradecontractortraining.com

abtbank.online

voicetall.com

chicken-shack.com

acmumzo.info

futureclosers.com

bctugala.com

adagihlina.xyz

emprendeahora.pro

bybala.com

hlcp5533.com

ingspira.com

Targets

- Target
  
  cópia de pagamento.exe
- Size
  
  907KB
- MD5
  
  9b19fc7d612041a80bf9934df29182df
- SHA1
  
  1f919621f1d67db72b2bc06d5c3a3a44b4dadca6
- SHA256
  
  7b18ea6437aefcf7e56f6b547f41043267e7fb17c93ed5b139070c550fc7b65b
- SHA512
  
  29d2524403cbcf015781cf0bd27fde9b56a4304ab79a69c831f7a78cb3b39e20c88364603ee228096ab98fa3d2f036249b2a2a873082a89e573cb642c7e0179d
- SSDEEP
  
  12288:Vxu3f7pCT/0e5hz9bH2iN+T/0e5hz9bBBULna0zwa1CgxV5KHBzqAKhKX6fIhT37:VqAT/0shbH1cT/0shbvU7aC58tqAmib
Score

10^/10

formbook j02y discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2