formbook

General

Target

06f29cd7f75df92af37c4239e174d4c7_JaffaCakes118
Size

1006KB
Sample

240624-b2qxsaxbqj
MD5

06f29cd7f75df92af37c4239e174d4c7
SHA1

5ec519d5c96fd32f4c5a578474ec53029723fd43
SHA256

405a501be009e1b05b12380339655852210fe6d767cefd0c43d66cf1bcd096a2
SHA512

bfda511c81415a18f6e20c745d46045e8a9a2a28304070824548ac693b9a55bc6a1fec8320e66fd12e0ed9c208e60224e0b812b2750ed86f37d704252c64c77f
SSDEEP

12288:hImzp3cj6jRPLjRPqjBjjyjBjBjBjBjLjGKyk84+Smdmbkrer5nKjI4rIxdOvwY9:uPk8hSmdmKeterIxRYEp5

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kre

Decoy

alpacaksa.com

ravneetkhurana.com

neverstopip.com

sunarrallc.com

lojag3wire.com

kiffbrother.com

pawantakespawn.com

sadarbarta.com

blogdoruan.life

jadeitesecurity.com

edcincorp.com

xjp168.com

babylist.info

ennobleempiremarketing.com

amazon-co-jp.store

regenlighting.com

zhengqiantv.com

carbeloy.com

lemenzz.com

enigmacombine.icu

Targets

- Target
  
  06f29cd7f75df92af37c4239e174d4c7_JaffaCakes118
- Size
  
  1006KB
- MD5
  
  06f29cd7f75df92af37c4239e174d4c7
- SHA1
  
  5ec519d5c96fd32f4c5a578474ec53029723fd43
- SHA256
  
  405a501be009e1b05b12380339655852210fe6d767cefd0c43d66cf1bcd096a2
- SHA512
  
  bfda511c81415a18f6e20c745d46045e8a9a2a28304070824548ac693b9a55bc6a1fec8320e66fd12e0ed9c208e60224e0b812b2750ed86f37d704252c64c77f
- SSDEEP
  
  12288:hImzp3cj6jRPLjRPqjBjjyjBjBjBjBjLjGKyk84+Smdmbkrer5nKjI4rIxdOvwY9:uPk8hSmdmKeterIxRYEp5
Score

10^/10

formbook kre rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2