formbook

General

Target

b4c6efe830638972f4e71cdd7d25355b_JaffaCakes118
Size

717KB
Sample

240616-xz7neaxfjq
MD5

b4c6efe830638972f4e71cdd7d25355b
SHA1

151b41c0078c66651306b02879d7aa5a027d0ac6
SHA256

9613def893d5be7da45a15cbb94ed1d7c372351522695220ec2804fdbab95562
SHA512

6571f41323efd37d27c3ba67f09a75ee31547a344c9cf81ee064c637dd66e2f4cb9e3181bf7d60ec03929566f3ed00cecdb4a98e85da7cae84d6c74fe87ec6bb
SSDEEP

12288:moDIPSZVj0KgRCsjoJ6HWCeRRp5agN6Igzp3vv0xDbTvo2bP2OENXDIPSc3:lIPSZVjEpo4c15pNSzFcCnTIPSI

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

ch41

Decoy

109ch.com

mikesguitarclass.com

atelidev.com

hanafiquranacademy.com

bothpartiesmust.win

shelterevents.com

tianshenmaoyi.com

xn--iev583c.com

minijin.net

laka-nosy.com

kireini-biyou.com

gymequipment.click

kena.ltd

taoorders.com

upstairsblogs.com

zubi17.win

direct-mobile.com

bdtimes.info

nyssyf.com

fordnotice.net

Targets

- Target
  
  b4c6efe830638972f4e71cdd7d25355b_JaffaCakes118
- Size
  
  717KB
- MD5
  
  b4c6efe830638972f4e71cdd7d25355b
- SHA1
  
  151b41c0078c66651306b02879d7aa5a027d0ac6
- SHA256
  
  9613def893d5be7da45a15cbb94ed1d7c372351522695220ec2804fdbab95562
- SHA512
  
  6571f41323efd37d27c3ba67f09a75ee31547a344c9cf81ee064c637dd66e2f4cb9e3181bf7d60ec03929566f3ed00cecdb4a98e85da7cae84d6c74fe87ec6bb
- SSDEEP
  
  12288:moDIPSZVj0KgRCsjoJ6HWCeRRp5agN6Igzp3vv0xDbTvo2bP2OENXDIPSc3:lIPSZVjEpo4c15pNSzFcCnTIPSI
Score

10^/10

formbook ch41 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2