formbook

General

Target

09d6d417e82661b2b04d1d4c3903928d_JaffaCakes118
Size

954KB
Sample

240624-vyx2gatflc
MD5

09d6d417e82661b2b04d1d4c3903928d
SHA1

260e7c2b21a51721e0799c8b8f3176dcdb5efecd
SHA256

fb4eed3cf47b8b977f61b307651cadf7e5f18e4fa20e91239e1f9832fc5d822c
SHA512

8577883f7bfc889571cdf7ddd568d9da3dd0c75b75e0c7d1c1773799d7d7dd12b099cb801767875e60986e9264149a744b1643dde174e83f1c0f00c78bfcceee
SSDEEP

12288:dC1PTHQjSrppXzkZ+6VYF7jAxYM8HwuKpCd0Z5ssLJTM:dC1PTwj43XDt/A385D6PssNT

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kre

Decoy

alpacaksa.com

ravneetkhurana.com

neverstopip.com

sunarrallc.com

lojag3wire.com

kiffbrother.com

pawantakespawn.com

sadarbarta.com

blogdoruan.life

jadeitesecurity.com

edcincorp.com

xjp168.com

babylist.info

ennobleempiremarketing.com

amazon-co-jp.store

regenlighting.com

zhengqiantv.com

carbeloy.com

lemenzz.com

enigmacombine.icu

Targets

- Target
  
  09d6d417e82661b2b04d1d4c3903928d_JaffaCakes118
- Size
  
  954KB
- MD5
  
  09d6d417e82661b2b04d1d4c3903928d
- SHA1
  
  260e7c2b21a51721e0799c8b8f3176dcdb5efecd
- SHA256
  
  fb4eed3cf47b8b977f61b307651cadf7e5f18e4fa20e91239e1f9832fc5d822c
- SHA512
  
  8577883f7bfc889571cdf7ddd568d9da3dd0c75b75e0c7d1c1773799d7d7dd12b099cb801767875e60986e9264149a744b1643dde174e83f1c0f00c78bfcceee
- SSDEEP
  
  12288:dC1PTHQjSrppXzkZ+6VYF7jAxYM8HwuKpCd0Z5ssLJTM:dC1PTwj43XDt/A385D6PssNT
Score

10^/10

formbook kre rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2