formbook

General

Target

afd99d61920e4ec13867a79c3b108d50_JaffaCakes118
Size

413KB
Sample

240615-xfg9eavemn
MD5

afd99d61920e4ec13867a79c3b108d50
SHA1

6f40885b618fedc62b760fbcbbf142a2a271bdd0
SHA256

1f39e6a010f115acd80ff77f51014ec51c73add290d5377f8b3e13445761c77f
SHA512

907e8edce6998f471e185a1dda7cb39b7ded298641d4d942cede90731913a68eff2fab9f292d50318863b53b16ff10a407040952692aec1e15ce95756a4cfd6c
SSDEEP

6144:nf0IhhtpWXswZQUvAjXAYAabyAI4AeLa8xThl+un1cE/N45MuOI0pkxLR78GKlhc:bhtpWXx3E/NyB0SxLRNkU0fqmu7

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gmc

Decoy

lidaisifang.com

allthatmarket.com

izebike.com

believers.community

redwtf.com

garageloftdesigns.com

flatfeerealtyjax.com

top7blog.com

isotopemimosa.win

turkiyeyedonuyorum.com

rennlaist.com

industryepidemics.com

ps2korea.com

gregoryoreilly.info

bestcheapoemsoftware.com

gudkar.com

soccer-scoring.com

noakhalaup.com

fusejs.com

sendereasy.com

Targets

- Target
  
  afd99d61920e4ec13867a79c3b108d50_JaffaCakes118
- Size
  
  413KB
- MD5
  
  afd99d61920e4ec13867a79c3b108d50
- SHA1
  
  6f40885b618fedc62b760fbcbbf142a2a271bdd0
- SHA256
  
  1f39e6a010f115acd80ff77f51014ec51c73add290d5377f8b3e13445761c77f
- SHA512
  
  907e8edce6998f471e185a1dda7cb39b7ded298641d4d942cede90731913a68eff2fab9f292d50318863b53b16ff10a407040952692aec1e15ce95756a4cfd6c
- SSDEEP
  
  6144:nf0IhhtpWXswZQUvAjXAYAabyAI4AeLa8xThl+un1cE/N45MuOI0pkxLR78GKlhc:bhtpWXx3E/NyB0SxLRNkU0fqmu7
Score

10^/10

formbook gmc rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2