formbook

General

Target

084d9c372d05fc7450a7acc2d730e40a_JaffaCakes118
Size

816KB
Sample

240624-nthyestekm
MD5

084d9c372d05fc7450a7acc2d730e40a
SHA1

e87fbc8d77a456d97cd0c7d8a1f69752f2ef50b0
SHA256

f12df428fa830292897aabb6f73c5ecf96e855e278c3320e21e45629c84bf9ef
SHA512

c3655b286f886b5665ec0dffcea84687046170b72add2a23f287ea8fd3df5cd7daeb402ab5d9af25b163bc454bfa0c30e7f39d2cbfa1dbc385b7575ff92e6dfb
SSDEEP

12288:AlNwTyzx+jxivZgVm2WCD1QbwBaYCQJVHmlZ:AlNwWN+jwZSm2ZivqJVHyZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dyt

Decoy

tg0913.com

fhehsjeh.com

hoslergroup.com

bradfordsahm.com

dopefuse.com

4vrlwi.site

greyboxautomations.com

codedlock.com

manifester.guru

luckyvertical.com

marvitrans.net

blushinglips.wine

shreeshyamexporters.com

bkdn.xyz

susanenglert.net

caprichodigital20.com

reianswers.net

alejandrobrand.com

drsineadbeirne.com

dijitak.com

Targets

- Target
  
  084d9c372d05fc7450a7acc2d730e40a_JaffaCakes118
- Size
  
  816KB
- MD5
  
  084d9c372d05fc7450a7acc2d730e40a
- SHA1
  
  e87fbc8d77a456d97cd0c7d8a1f69752f2ef50b0
- SHA256
  
  f12df428fa830292897aabb6f73c5ecf96e855e278c3320e21e45629c84bf9ef
- SHA512
  
  c3655b286f886b5665ec0dffcea84687046170b72add2a23f287ea8fd3df5cd7daeb402ab5d9af25b163bc454bfa0c30e7f39d2cbfa1dbc385b7575ff92e6dfb
- SSDEEP
  
  12288:AlNwTyzx+jxivZgVm2WCD1QbwBaYCQJVHmlZ:AlNwWN+jwZSm2ZivqJVHyZ
Score

10^/10

formbook dyt agilenet rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2