formbook

General

Target

JaffaCakes118_3437d0b089789824090fe75c6a7f9bd4ee86cd749aec304a3ab3a409f3feecbb
Size

827KB
Sample

241230-xwczmaxjex
MD5

50acc1248ad3341ec520b1940a700f07
SHA1

eb3171494d49c0dc2b982342f85421ef7d7279bb
SHA256

3437d0b089789824090fe75c6a7f9bd4ee86cd749aec304a3ab3a409f3feecbb
SHA512

e4f666e658666bdaa747f17e162041885f5809c774fd0c683d10baff8b8c5896ef943f7579fad7677341d195d07b05d9eeec7b6d742fee935e2f497a7054a9aa
SSDEEP

12288:nr9TkqZuTuI4n7H/eJLGAARvsjS3ErSRuLW1VmKKCMOF9SaLukyc/+XciekEA3Kz:bKGvlsQEWYCHmKKhm93vycfGG

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bt33

Decoy

mbaonlinefreedegress.info

myforevermaid.com

daoyi365.com

weientm.com

legal-mx.com

formationrigging.com

heidiet.xyz

school-prosto.store

healthvitaminnutrition.com

digitalsolutionusa.com

little-bazar.com

jnbeautycanada.com

optoelek.com

learntoairmail.com

hawkminer.com

kingofearth.love

ktnstay.xyz

zouxin.love

mainlandpr.com

mamm-hummel.com

Targets

- Target
  
  JaffaCakes118_3437d0b089789824090fe75c6a7f9bd4ee86cd749aec304a3ab3a409f3feecbb
- Size
  
  827KB
- MD5
  
  50acc1248ad3341ec520b1940a700f07
- SHA1
  
  eb3171494d49c0dc2b982342f85421ef7d7279bb
- SHA256
  
  3437d0b089789824090fe75c6a7f9bd4ee86cd749aec304a3ab3a409f3feecbb
- SHA512
  
  e4f666e658666bdaa747f17e162041885f5809c774fd0c683d10baff8b8c5896ef943f7579fad7677341d195d07b05d9eeec7b6d742fee935e2f497a7054a9aa
- SSDEEP
  
  12288:nr9TkqZuTuI4n7H/eJLGAARvsjS3ErSRuLW1VmKKCMOF9SaLukyc/+XciekEA3Kz:bKGvlsQEWYCHmKKhm93vycfGG
Score

10^/10

formbook bt33 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2