formbook

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_f53d22a170fad5a62416ad82220d188bbda9ca64c9dc509920019698bff1cb74
Size

227KB
Sample

241230-v6h8aatncz
MD5

1abace7e9799fc92c4c412fc4fab7581
SHA1

89479ce72af34f42d9e1363aa64c6047fce2bbe8
SHA256

f53d22a170fad5a62416ad82220d188bbda9ca64c9dc509920019698bff1cb74
SHA512

db29718964c516b80169f7b8de126d304daa51b71067db7fcb3356d7d7909cf964fd7b3503435177cb47b28cf60a4df93448cbd02dd553754edcd1a3dbb67ac6
SSDEEP

6144:+jnVe9fMlsv+SFxjJsSCtFm028H0rgvT1Qerf/iqW:6noPdJsf928HB7r2

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ngvm

Decoy

justiceforashleymoore.com

tyqbfe.com

zydonghua.com

crossfootwear.com

mysticlight-shop.com

digitaldefenseacademy.com

joyfulgoodies.com

blog-kotori-haru.com

atelierlinneakunstoghelse.com

destinyonlineacademy.com

series.onl

bellizzo.com

totalscalpsolutions.com

musicrowstudiorecording.com

digitalgamerentals.com

princecreativehk.com

bitchesofzion.com

imodalmarine.com

chilly-sauce.com

studionikolla.com

Targets

- Target
  
  SHIPPING DOCUMENTS.bat
- Size
  
  286KB
- MD5
  
  3bfed708b8b2bb2218e5aaea51af6c87
- SHA1
  
  89f8ddd855e13bbfadd3bc0fabba8f92242eb6b7
- SHA256
  
  c05bf234f0a814069b3cd844d38944e8e704bff80981657d549041b84c905da0
- SHA512
  
  bdc3657efb44736c96857c3a63d53b9ed4bd71c4c022fbd87f18f59aa46fda87f8ff0e4be735efbee7e06dc2e1dd2010996e51d0c06a7bcbf09c40e0960da46e
- SSDEEP
  
  6144:6Qqes0a6E1950u0f96+A9VIbpY26NIctdRPvB:816sPlZkpAIctfPvB
Score

10^/10

formbook ngvm discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  acc2b699edfea5bf5aae45aba3a41e96
- SHA1
  
  d2accf4d494e43ceb2cff69abe4dd17147d29cc2
- SHA256
  
  168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e
- SHA512
  
  e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe
- SSDEEP
  
  96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  NBProjects/ParticleFirmware/nbproject/private/uninstall-particle-toolchain.exe
- Size
  
  84KB
- MD5
  
  17b75e1a3997e2667a3a51885e9620ba
- SHA1
  
  2c29f37c9d8f2c6cec308644f3a1fbcd61e97dec
- SHA256
  
  02d30295a5f079deeee621ca82fa577e60d96a31804098c4dd25d6c5a7b8f012
- SHA512
  
  52d242f943d0b3946816c1c271682eeb89ae3f16f14efb5f6a2009375f93311900f6b115b6bc9849df41dc0ceab432615644111b1332588fb92aa4b1d370db25
- SSDEEP
  
  768:h4wO7XBz+5Qm3W0tYdrQZHV4EWuWEUOg4jjfS3XJtPJRn1s9uQjQMhCKQD:6LXB65939tY6HBg4sXJt9s9PjQMkZD
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8