formbook

General

Target

156a8f3ff2daa772e183f33d03542088_JaffaCakes118
Size

892KB
Sample

240627-kzqcxataqh
MD5

156a8f3ff2daa772e183f33d03542088
SHA1

d5c5d9adc26f34f357bbbc04b76db5589154c096
SHA256

1517b72d950951e2a53e5881d9f72ef224128454d1bf4ad28afbbee341787e9c
SHA512

bf19dacebe4ca845683f2a0e63e03df6d93619ab8eecc7971b4554c48bbd03e0f4c796c635268261110be4d718dc8163a11c208e9d27bffacd29a8d8bf801f25
SSDEEP

12288:xLfmbbfGD5BroDcsIE++hSpk6L1S3Yp+vpVhd5FhM1wVTMsMz4AJ3sPerFfBL2qJ:xLfmbbfirrts4+ApkmAYp+vdFRtT8

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gbl

Decoy

dx268.com

textbot4you.com

critictable.com

fsclub.info

order-review.com

tkgenergy.com

contavip.info

fashionests.com

sieromart.com

miamimobiletesting.com

oxforhabits.com

yugoslavilk.online

inieenterprises.com

bythebucketfranchise.com

parcelified.com

signalcyclers.com

starryeyedproject.com

proteacherstore.com

horos.tech

bovadaracebook.sucks

Targets

- Target
  
  156a8f3ff2daa772e183f33d03542088_JaffaCakes118
- Size
  
  892KB
- MD5
  
  156a8f3ff2daa772e183f33d03542088
- SHA1
  
  d5c5d9adc26f34f357bbbc04b76db5589154c096
- SHA256
  
  1517b72d950951e2a53e5881d9f72ef224128454d1bf4ad28afbbee341787e9c
- SHA512
  
  bf19dacebe4ca845683f2a0e63e03df6d93619ab8eecc7971b4554c48bbd03e0f4c796c635268261110be4d718dc8163a11c208e9d27bffacd29a8d8bf801f25
- SSDEEP
  
  12288:xLfmbbfGD5BroDcsIE++hSpk6L1S3Yp+vpVhd5FhM1wVTMsMz4AJ3sPerFfBL2qJ:xLfmbbfirrts4+ApkmAYp+vdFRtT8
Score

10^/10

formbook gbl rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2