formbook

General

Target

JaffaCakes118_d1f76ed4210b6bbbf232271b8b198133
Size

256KB
Sample

250109-zjkj2sspcm
MD5

d1f76ed4210b6bbbf232271b8b198133
SHA1

a8407cfa0da5ecffdfeeb22a824f4e9fa368249e
SHA256

6e025a1d72e2abfb9c0fb6c945d3fcdbe2124c5d68d8f5fb09b8389bc30f799e
SHA512

de396811bc499eb12b2f02d79262d0dc4962d8e96a260ba493a70883edf79261c540709b5f957bea853bd810ba1934a3c9ca623a10726d1648cb1bd4a7093138
SSDEEP

6144:wBlL/c4ANoQTYbc6xdeyRF4gBIDi0dlwSKSSiOHq0IpE7A:CebN/T0cIeQF4gBb0dlwSKv7Z7A

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv9n

Decoy

olivia-grace.show

zhuwww.com

keiretsu.xyz

olidnh.space

searuleansec.com

2fastrepair.com

brooklynmetalroof.com

scodol.com

novaprint.pro

the-loaner.com

nextroundscap.com

zbwlggs.com

internetautodealer.com

xn--tornrealestate-ekb.com

yunjiuhuo.com

skandinaviskakryptobanken.com

coxivarag.rest

ophthalmologylab.com

zzzzgjcdbqnn98.net

doeful.com

Targets

- Target
  
  JaffaCakes118_d1f76ed4210b6bbbf232271b8b198133
- Size
  
  256KB
- MD5
  
  d1f76ed4210b6bbbf232271b8b198133
- SHA1
  
  a8407cfa0da5ecffdfeeb22a824f4e9fa368249e
- SHA256
  
  6e025a1d72e2abfb9c0fb6c945d3fcdbe2124c5d68d8f5fb09b8389bc30f799e
- SHA512
  
  de396811bc499eb12b2f02d79262d0dc4962d8e96a260ba493a70883edf79261c540709b5f957bea853bd810ba1934a3c9ca623a10726d1648cb1bd4a7093138
- SSDEEP
  
  6144:wBlL/c4ANoQTYbc6xdeyRF4gBIDi0dlwSKSSiOHq0IpE7A:CebN/T0cIeQF4gBb0dlwSKv7Z7A
Score

10^/10

formbook rv9n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/lcfqe.dll
- Size
  
  48KB
- MD5
  
  849b29a5363106f1ec41b2b6bfce6b6d
- SHA1
  
  bfdccdb25cbcf5bb55e42169f542513dd6881139
- SHA256
  
  e3dfe132ec3fcfcbb1146154212ba1b1c4221cea1b79cded3cab7fc65c3cc54b
- SHA512
  
  28d568102227e1e3c12ff91dff5a8dc1c119d8d21c062706f8a5e561da09b089c284feaa49040fbadc7e1ff911563c7fdd13866af67a1c8256cd44af312f5074
- SSDEEP
  
  768:Fg7dbS3GVz7e1MPkrtzs5tjUKH1KJpdxCBrhLxCKFU:Fg7+0z7e1IkRwjrHAvdwBr9xCK2
Score

10^/10

formbook rv9n discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Loads dropped DLL

Suspicious use of SetThreadContext

Formbook

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4