formbook

General

Target

JaffaCakes118_1d024b5fb222f690e2437776dba5cecd
Size

431KB
Sample

241231-p8nmws1na1
MD5

1d024b5fb222f690e2437776dba5cecd
SHA1

3bc42dd5835072842a7dbe4bc75db9480d4781e9
SHA256

dfa72cfd2cf8b1c3beac907a91042e344a301923e8e40b88541e850161eae6eb
SHA512

e1812ba005ed0d873cc43233d156f35b126d47228ec204900137f3676685a501ab1440b45d50b66b72da9114421d292f60ff1bbe817ea7200ef8c0a54cce2b51
SSDEEP

12288:NVKqL95GKVh5QIXIxUOCY+5JHgc/73EW6kSb836D4X4pznu:NV9NB6+5Wc/7UWobAiOMnu

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h0gd

Decoy

hispansud.com

sanslisin156.com

izmediajo.com

fukugyo-kuchicomi.net

zjzmkj.net

powerupinnovations.com

unigradecuracao.net

inspirasimagz.com

isaacnqwilliams.store

john316graphics.net

wcparadise.net

trejoblanco.com

100x100cultura.com

beedivinehomedecor.com

polant.xyz

ascrete.com

www23855.com

emmagx.com

rekotalent.biz

fersamultiservicios.com

Targets

- Target
  
  JaffaCakes118_1d024b5fb222f690e2437776dba5cecd
- Size
  
  431KB
- MD5
  
  1d024b5fb222f690e2437776dba5cecd
- SHA1
  
  3bc42dd5835072842a7dbe4bc75db9480d4781e9
- SHA256
  
  dfa72cfd2cf8b1c3beac907a91042e344a301923e8e40b88541e850161eae6eb
- SHA512
  
  e1812ba005ed0d873cc43233d156f35b126d47228ec204900137f3676685a501ab1440b45d50b66b72da9114421d292f60ff1bbe817ea7200ef8c0a54cce2b51
- SSDEEP
  
  12288:NVKqL95GKVh5QIXIxUOCY+5JHgc/73EW6kSb836D4X4pznu:NV9NB6+5Wc/7UWobAiOMnu
Score

10^/10

formbook h0gd discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2