formbook

General

Target

JaffaCakes118_bc953f7124b6516cd04745d9cc61ebd3
Size

415KB
Sample

250105-zgr64sxnfk
MD5

bc953f7124b6516cd04745d9cc61ebd3
SHA1

ad0d175d506fdbee2009bcdbb7bfb4fe69845a1b
SHA256

ff8236a838496d7e7ae1363fd45db6207023f6d8fc26a7ddaf2f1f4f40d2397c
SHA512

72ac670af019bec185c4e6dfef1aed408e6ee55afcb4d07b50713ff608e0809bb6555caee8ddc5c924afaa7ba1fe8462ce333518aa0a00dbff2a5cae563495c3
SSDEEP

12288:41ysw08Vj3I2mzOC1BkPeriPswLfBCCMqP+:41I0baIB32kwLoqm

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h0gd

Decoy

hispansud.com

sanslisin156.com

izmediajo.com

fukugyo-kuchicomi.net

zjzmkj.net

powerupinnovations.com

unigradecuracao.net

inspirasimagz.com

isaacnqwilliams.store

john316graphics.net

wcparadise.net

trejoblanco.com

100x100cultura.com

beedivinehomedecor.com

polant.xyz

ascrete.com

www23855.com

emmagx.com

rekotalent.biz

fersamultiservicios.com

Targets

- Target
  
  JaffaCakes118_bc953f7124b6516cd04745d9cc61ebd3
- Size
  
  415KB
- MD5
  
  bc953f7124b6516cd04745d9cc61ebd3
- SHA1
  
  ad0d175d506fdbee2009bcdbb7bfb4fe69845a1b
- SHA256
  
  ff8236a838496d7e7ae1363fd45db6207023f6d8fc26a7ddaf2f1f4f40d2397c
- SHA512
  
  72ac670af019bec185c4e6dfef1aed408e6ee55afcb4d07b50713ff608e0809bb6555caee8ddc5c924afaa7ba1fe8462ce333518aa0a00dbff2a5cae563495c3
- SSDEEP
  
  12288:41ysw08Vj3I2mzOC1BkPeriPswLfBCCMqP+:41I0baIB32kwLoqm
Score

10^/10

formbook h0gd discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2