formbook

General

Target

b5f4ecf1a13b7ef894523c990b963a84_JaffaCakes118
Size

525KB
Sample

240617-arydfavhpc
MD5

b5f4ecf1a13b7ef894523c990b963a84
SHA1

7dfdc4f3d25f6b11c73e3eba0ffa5925c23ee7e2
SHA256

157d4620189778ea181eb65ebcba012dc8c7af3a9a9cf3ceb6560daf91df940c
SHA512

862e55e6619f072a8a0da44c63ddd6e1a7fd1a23daa0b4244a305b61c06d95a4ec1b158760990958163dce21042bf74bf6f083f37c8fcbb74bb001836476f0e4
SSDEEP

6144:4n7MUMpVvo8i72Kqwiymx1IOkmykNnK5+gWxKbqQEskb+LOHwr6X/7cH9bMf2n8H:4kVvfA3FmXBykNn2bqFskuBr/qnp5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

private

Decoy

epsilonducts.net

stateofpunjab.com

followthegirl.com

parol2.men

hungryforlondon.com

comercializadorafqe.com

sippinteawithlynnmarie.com

qianbi.group

tbfuk.com

ladybosscbdoil.com

reginatowingservices.com

avangardmerefa.com

rn-structure.com

skymansionexpatriate.com

eloiseantonie.com

leegardenapartmentsbeijing.com

selfievideochallenge.com

kay-lubcke.com

buybitcoininmalta.com

pusatgrosirgamismuslimah.com

Targets

- Target
  
  b5f4ecf1a13b7ef894523c990b963a84_JaffaCakes118
- Size
  
  525KB
- MD5
  
  b5f4ecf1a13b7ef894523c990b963a84
- SHA1
  
  7dfdc4f3d25f6b11c73e3eba0ffa5925c23ee7e2
- SHA256
  
  157d4620189778ea181eb65ebcba012dc8c7af3a9a9cf3ceb6560daf91df940c
- SHA512
  
  862e55e6619f072a8a0da44c63ddd6e1a7fd1a23daa0b4244a305b61c06d95a4ec1b158760990958163dce21042bf74bf6f083f37c8fcbb74bb001836476f0e4
- SSDEEP
  
  6144:4n7MUMpVvo8i72Kqwiymx1IOkmykNnK5+gWxKbqQEskb+LOHwr6X/7cH9bMf2n8H:4kVvfA3FmXBykNn2bqFskuBr/qnp5
Score

10^/10

formbook private rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2