formbook

General

Target

1a7caaa4092282afc01f1ee59cccad19_JaffaCakes118
Size

459KB
Sample

240701-jl4gyatanp
MD5

1a7caaa4092282afc01f1ee59cccad19
SHA1

911c38837fbef1e77f4bd685be2f9eb0e2904ffc
SHA256

864934ddf1df098beb15f1f6a3e45d7d2e4537b265fe0fc2fd6f4cfce556fd5e
SHA512

b1891c694275f7f2ae148f531830ca49dae3efb44395d2404263cc74c5f14931e1f256dfe88604cea91b4bec816821c6b5ff361834127f01911180457f02fb56
SSDEEP

12288:cZA95kuKzl3SKtIY51+RWrkaGRYPCBwtla4QXv2J:UA95kXz1SKqQrrkaPwwtl+Xw

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pep

Decoy

whitelabelgraphics.pro

futureguidefilms.com

mission-duplex.com

rutherealty.com

acehardwaremall.com

potenb.com

tbhawt.com

momentum-ip.group

m8sr8s.com

cfwagner.com

umiyama-eri.com

klantenvinden.com

simplycasd.com

visionhomerecruiting.com

inkjet-material.com

banking-aib.com

fast1performance.com

eventsbyja.com

breuer.network

smartecelectronics.com

Targets

- Target
  
  proforma Invoice .exe
- Size
  
  599KB
- MD5
  
  c675e7853c9cc47e31e436fe90448445
- SHA1
  
  47bf1af77eb9a18a70fc8e81d9caf4c466665576
- SHA256
  
  cdedbe45cbd9452a80416dc72dfe935c606d15cf4ebce3861ce428ab75aec7f3
- SHA512
  
  ba997897a7525b0e41c81c5056a120fb7566c8a0a632d04bafb190032f9843dfaa3f9b38c2f1831b102afaa7e10c29550a806aba47517ff233f6006ad8e24398
- SSDEEP
  
  12288:aX2qoF8gj58OR+3yKtIg51MRWDkuYRYPIBwhlIwUFg7dA:adgWOeyKqI1DKaPKwhl+FgBA
Score

10^/10

formbook pep rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2