formbook

General

Target

ab494f466a82dd77680845c90d3d374d_JaffaCakes118
Size

255KB
Sample

240614-y4fadsvand
MD5

ab494f466a82dd77680845c90d3d374d
SHA1

557fddb9db8aa0f6e72644d0e26e5886930e2310
SHA256

9fe305213e6584a14e5d687540d178a989acb5de8ea5815dab4c262a4f4955da
SHA512

9432d3ea685d2a822aac09a52f6898bb542a95736f296aed43e2a3c1ca074df1c11d08ad99a90698f4b19bc08f85764cc1e57187bcbe90ddcd02991fb59f7565
SSDEEP

6144:8fTuKv/3or5iS1CtvHUC6SQFUZGd3kP+ILbqx6:aTubtL14PrJQuwd3YRL2x6

Score

10^/10

formbook wo rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

wo

Decoy

studentepd.network

skinsensemoreqe.com

egrevore.com

2xa01v.info

detoxqueen.com

lumiity.com

urbanned.store

appleclinicaltrials.com

bledfetneknauer.win

tdhonlineadv.com

trendcosmo.com

eulermedia.net

bluewatersinvestments.com

hebibafang.com

sacrpc-cad.com

involo.agency

cultivatingajoyfulhome.com

zilkinvestments.com

3taoquan.com

ipmi.group

Targets

- Target
  
  ab494f466a82dd77680845c90d3d374d_JaffaCakes118
- Size
  
  255KB
- MD5
  
  ab494f466a82dd77680845c90d3d374d
- SHA1
  
  557fddb9db8aa0f6e72644d0e26e5886930e2310
- SHA256
  
  9fe305213e6584a14e5d687540d178a989acb5de8ea5815dab4c262a4f4955da
- SHA512
  
  9432d3ea685d2a822aac09a52f6898bb542a95736f296aed43e2a3c1ca074df1c11d08ad99a90698f4b19bc08f85764cc1e57187bcbe90ddcd02991fb59f7565
- SSDEEP
  
  6144:8fTuKv/3or5iS1CtvHUC6SQFUZGd3kP+ILbqx6:aTubtL14PrJQuwd3YRL2x6
Score

10^/10

formbook wo rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2