formbook

General

Target

a97f874d6313ccfefceec77c2ccf1fda_JaffaCakes118
Size

814KB
Sample

240614-nv5htashnj
MD5

a97f874d6313ccfefceec77c2ccf1fda
SHA1

0b140d33ec06f7387ad3763e30c091b255d4115e
SHA256

b5abd46caecf027f71d1dc3c78d490092a82d70dea355cf83523a70b6967be6e
SHA512

fd8e26830e6a511ae8b16cd6798cde208bf0584ba4f89fd2321b6a47ccde401860bbec1485904dea0feae42349b553744711d4e5d3bf3b4631bb9119b1b69110
SSDEEP

12288:e+WhWEyIueil9U4zx+InkxPn6L7KHPpwsXafAJJDBuoMY3l9Uae:eIRIWl9U4zUNP6HnqafAv1n3l9UB

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

ch35

Decoy

sitepm.site

chancein.net

urbanairer.com

jxzr888.com

maynewyork.com

snowcamel.net

montqranite.com

beijingplanettrading.com

private-placement-program.com

cureguru.com

elementorlandosouthwest.com

ohdoll.com

sunsationalpools.net

bionic.claims

0pe485.com

cc1231.com

waterdamagesoluton.online

melionp.reisen

bioepidemic.foundation

iprofi.online

Targets

- Target
  
  a97f874d6313ccfefceec77c2ccf1fda_JaffaCakes118
- Size
  
  814KB
- MD5
  
  a97f874d6313ccfefceec77c2ccf1fda
- SHA1
  
  0b140d33ec06f7387ad3763e30c091b255d4115e
- SHA256
  
  b5abd46caecf027f71d1dc3c78d490092a82d70dea355cf83523a70b6967be6e
- SHA512
  
  fd8e26830e6a511ae8b16cd6798cde208bf0584ba4f89fd2321b6a47ccde401860bbec1485904dea0feae42349b553744711d4e5d3bf3b4631bb9119b1b69110
- SSDEEP
  
  12288:e+WhWEyIueil9U4zx+InkxPn6L7KHPpwsXafAJJDBuoMY3l9Uae:eIRIWl9U4zUNP6HnqafAv1n3l9UB
Score

10^/10

formbook ch35 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2