formbook

General

Target

b7189c8229baecede904e58eff8438c7_JaffaCakes118
Size

420KB
Sample

240617-gq8w4sxdqe
MD5

b7189c8229baecede904e58eff8438c7
SHA1

e3637bd5028b35dddd27fc1f836076cd4ba3eb61
SHA256

a47718c57ed25e5c30f0ea7c68952d6aae4ec1f4f0e889d7edae01228334cd14
SHA512

15587ae65ac51b87ada349b2a4acd8333ac61687cfda1de9846630a3123154a7621398b1d8bbeff511e19b4c0d9b3180010059383c61bf0109388585cdc824f5
SSDEEP

12288:q6/vbcscYE/kaI6mdVHq+dTQT/cHcFZcmD:qGArYEMaI6mdVHRycHgcm

Score

10^/10

formbook be agilenet rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

be

Decoy

funtimejacksonms.com

vivrepourlamode.com

leonisviridis.com

this-hiking-cycling.com

quintavenidagym.com

bigfishsurfboards.net

visitbeiliu.com

mobileappsdirectnow.com

globusholdings.com

panopolisclub.com

qrw.info

presize.net

flsjapan2012.com

englishpremiershipcamps.com

studiolgm.com

fernandomellovianna.net

villa-le-boqueteau.com

souqmore.com

trapcessful.com

jumpshoppu.com

Targets

- Target
  
  b7189c8229baecede904e58eff8438c7_JaffaCakes118
- Size
  
  420KB
- MD5
  
  b7189c8229baecede904e58eff8438c7
- SHA1
  
  e3637bd5028b35dddd27fc1f836076cd4ba3eb61
- SHA256
  
  a47718c57ed25e5c30f0ea7c68952d6aae4ec1f4f0e889d7edae01228334cd14
- SHA512
  
  15587ae65ac51b87ada349b2a4acd8333ac61687cfda1de9846630a3123154a7621398b1d8bbeff511e19b4c0d9b3180010059383c61bf0109388585cdc824f5
- SSDEEP
  
  12288:q6/vbcscYE/kaI6mdVHq+dTQT/cHcFZcmD:qGArYEMaI6mdVHRycHgcm
Score

10^/10

agilenet formbook be rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2