formbook

General

Target

a51b305d46ffaf99c0e22947ca9dab99_JaffaCakes118
Size

171KB
Sample

240613-mm42msygnm
MD5

a51b305d46ffaf99c0e22947ca9dab99
SHA1

4c849d8cb31064a4cf8662b7ca928f9d6400f212
SHA256

6f4fbebfa1e80ede53f52fa98f180fc3ad9938504b7824dbf5e1a3d69f722f4d
SHA512

641a7b897ef456a423b91c307ae8a091c9b183fa94bc3a2e3015e33405f548f4894704ab2466c10ac8d8b399bc59a51ca771ba4b1420bcef6264e84e3f43e3d5
SSDEEP

3072:K2lyjP4+eFt7A+xGLHLllRAuSme2d57c3NFTiPCr5nT4eE8tdIvso0Pm7U04P2Y6:KwyE+eFtKllRrXMOTaTXPm7U04+YIOo

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

mx40

Decoy

vr-edu.group

mangobajo.com

390hash.com

coin-project.com

haninmax.com

ephotgraphyonline.info

gini.ltd

occurri.info

retireviainternet.com

thegoodkindacrazy.com

colebrookwines.com

fermartinezphotography.com

taurustal.com

lage.ltd

opportunisticnomnomivore.com

eoc-org.com

soinsdentaires-etranger.com

americanas-aniversario.com

weixindaochu.com

aliancabrindes.com

Targets

- Target
  
  usd23000scandoc.pdf.exe
- Size
  
  184KB
- MD5
  
  5f38331663118f710642957241c9238d
- SHA1
  
  04781426ede2fa8852f25ed2da5594db74783773
- SHA256
  
  ec4d14568d4e11d2f5a78f752eaaf3770eaf939d192affd7ef935e418f632024
- SHA512
  
  c0e8dbdd14f1963f41de266b58f427a83d80636ddf7c11bcbb8cb1a49fabf0b402b0895ba4f5328960a174bfcc11a75016bbc5c7588e2d7d1eb03e6297fcdd1e
- SSDEEP
  
  3072:SyvIcfKQjH4ULQtYyhEgHqjex7ob2TU5Nb8yW2vqwxmr7DQ03LiTIpe+HJeUlp:Sywc9DLQtYyhcjf6WGyFfC7DQcow
Score

10^/10

formbook mx40 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2