formbook

General

Target

afa1f1e2431e946dabc785135bb49796_JaffaCakes118
Size

631KB
Sample

240615-wdvahsyhne
MD5

afa1f1e2431e946dabc785135bb49796
SHA1

bdc5d91a7055fe531cbc37969427db58bb954508
SHA256

414981248ce4add440d42b94db54d8badb3c6292531c7fc41f2a598720f61403
SHA512

c593f6eb4ec9c9287a72d38f8bf51abbc8520e9ac4ad92c3f8dab52126c06c2346aeac9448b5b3d1914cd1694145db8400568ff2e071ea71286e2743c7bd25ab
SSDEEP

12288:eE5TvcnBI9m5Xq+geZ7KM7XYrveJ/8kprLT3hYOeSOm+:eqcBI9m5IeNr7XYrWJZ/32OeSOt

Score

10^/10

formbook bs rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

bs

Decoy

qiancheng.ink

smyeoii.win

bluelightscampaign.com

partemail.site

xn--nckd9a8e8d.com

sharpart.net

customillusionsstl.com

else-marketing.com

thetaxglossary.com

ubaiyi.com

gihkf.com

rajshahishoppers.com

thekinasihbogor.com

paintstracts.com

veraspirits.com

1500pe.com

mv7on.com

masstortlitigator.com

simonsem.com

booker-media.com

Targets

- Target
  
  afa1f1e2431e946dabc785135bb49796_JaffaCakes118
- Size
  
  631KB
- MD5
  
  afa1f1e2431e946dabc785135bb49796
- SHA1
  
  bdc5d91a7055fe531cbc37969427db58bb954508
- SHA256
  
  414981248ce4add440d42b94db54d8badb3c6292531c7fc41f2a598720f61403
- SHA512
  
  c593f6eb4ec9c9287a72d38f8bf51abbc8520e9ac4ad92c3f8dab52126c06c2346aeac9448b5b3d1914cd1694145db8400568ff2e071ea71286e2743c7bd25ab
- SSDEEP
  
  12288:eE5TvcnBI9m5Xq+geZ7KM7XYrveJ/8kprLT3hYOeSOm+:eqcBI9m5IeNr7XYrWJZ/32OeSOt
Score

10^/10

formbook bs rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2