formbook

General

Target

JaffaCakes118_c6abdaa32f339cd2d1fcb6cfba64e82cb5279941f4956e7cc1b209ce843d20ef
Size

453KB
Sample

241230-x6mltaxnez
MD5

afe200674b8e2d65c0781d22945068e2
SHA1

a4281c54d6f1df4528b2f4ca2fd9119eb90e01ea
SHA256

c6abdaa32f339cd2d1fcb6cfba64e82cb5279941f4956e7cc1b209ce843d20ef
SHA512

6f9ab73e9f86b132d654ecb487bed77a2461f3a02477a5de9daa0b4556df6cbb39248971b2cd67fd5eff1e7177991265d57234467905c0f47a34cb6305439847
SSDEEP

12288:zayoASY9ZFk4ufWP7jUHcmX85uBEPiczAjQ1Hxlp:zUAx9Zq4kEWc7A0/A81Rlp

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nm8

Decoy

bloominggardening.com

uds261.com

kerrnightsky.com

1010cookstreet.net

futuremediaisnow.net

ordersinfoinq.com

bitcoinautomatictrade.com

thedreamsfreshet.com

jukjam.com

aerialc.com

strategiclearning.group

spitfind.guru

healthyteamhealthybusiness.com

willow-and-hill.com

gracioustouchintl.com

alwaysontimerecruiting.com

kufars.info

tennesseepaymentrelief.net

lojaim.com

sinantiseme.com

Targets

- Target
  
  Your parcel has arrived urgent pick up needed today.bin
- Size
  
  790KB
- MD5
  
  5dbc327a87495d4ec096dff7df906f68
- SHA1
  
  521885924b945ada9f71766129dbf29b32a0d9fe
- SHA256
  
  b5236355c56c9f54eac0f8ace1dcaf129165e17b63d42e038500417c806103d9
- SHA512
  
  660a29913166a7b4b83fd45fb1060c680f3f74dd79c1fedc06b6908e6ea66484ba2beb0d6d3097643a96f937819942a34b8b9e517aad0cf57984c30dedbb77f0
- SSDEEP
  
  12288:6cFUncJ54irus265GoqlDX1YH0COI+w7Ror6PpGg+l2K3RYUOq/yJlweqz3xxqHs:OnYnuRcBIoGblBhj8lxqzdpD3bE9
Score

10^/10

formbook nm8 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2