formbook

General

Target

JaffaCakes118_7c21461914fbd1854a863531d4078378
Size

655KB
Sample

250107-158z7stjfp
MD5

7c21461914fbd1854a863531d4078378
SHA1

4112fdd8aa4c281105ec457ac6b8aaf2d4026d7d
SHA256

7e719f702ee177f2097243736cd7d672fe433fe51d6528313c807b4f2a05ef27
SHA512

2e32a641c67f5b864fb1c212018edd10ad7aacf2a2b550383dcbbef98de02cc8a220cb56f02576d7232d379c25ce773b4564cd46f69ce17e90a91ce634cb9d74
SSDEEP

12288:gTKA5EajbKmxg2vBQHXbIDDzMrWXyZRVHPkNYf4ZAjcGJxaTOdWJIUuxb:gTKA5EGISQ3b+DzMrXnVPk2f4Ajh3iJ4

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h0gd

Decoy

hispansud.com

sanslisin156.com

izmediajo.com

fukugyo-kuchicomi.net

zjzmkj.net

powerupinnovations.com

unigradecuracao.net

inspirasimagz.com

isaacnqwilliams.store

john316graphics.net

wcparadise.net

trejoblanco.com

100x100cultura.com

beedivinehomedecor.com

polant.xyz

ascrete.com

www23855.com

emmagx.com

rekotalent.biz

fersamultiservicios.com

Targets

- Target
  
  JaffaCakes118_7c21461914fbd1854a863531d4078378
- Size
  
  655KB
- MD5
  
  7c21461914fbd1854a863531d4078378
- SHA1
  
  4112fdd8aa4c281105ec457ac6b8aaf2d4026d7d
- SHA256
  
  7e719f702ee177f2097243736cd7d672fe433fe51d6528313c807b4f2a05ef27
- SHA512
  
  2e32a641c67f5b864fb1c212018edd10ad7aacf2a2b550383dcbbef98de02cc8a220cb56f02576d7232d379c25ce773b4564cd46f69ce17e90a91ce634cb9d74
- SSDEEP
  
  12288:gTKA5EajbKmxg2vBQHXbIDDzMrWXyZRVHPkNYf4ZAjcGJxaTOdWJIUuxb:gTKA5EGISQ3b+DzMrXnVPk2f4Ajh3iJ4
Score

10^/10

formbook h0gd discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2