Overview

overview

10

Static

static

3

Scan 2272020 pdf.exe

windows7-x64

10

Scan 2272020 pdf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e39c3c62149b653ae18f6723268e120_JaffaCakes118

  • Size

    912KB

  • Sample

    240611-pztsjsxcnd

  • MD5

    9e39c3c62149b653ae18f6723268e120

  • SHA1

    541a68f58d59e8ae5f6ef6d861f7857fe2e14605

  • SHA256

    d5945b766cf4900d4b6cdccebcd6e66e192761a2bb95dae216c8f0fcdea4fbde

  • SHA512

    c5a00d7ae3a8341124edb98c021861112f5d265928b6c728f5642574901def1e9d6d680b3f5bc3aa4d91a9c66783fef511f73612bd315c2c20aec6030f2c486a

  • SSDEEP

    12288:KQ/ena6F83r+bPrsdB0L0gazjJsJNulttShwmAlmclnw2y9XsfyCG:RaaFabDs7btHlttqwmDclnwNzCG

Score
10/10
formbookcxsratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cxs

Decoy

modersport.info

egoody.net

qcmutiny.com

theblueberryview.com

rupornofilm.com

katomaviation.com

therograms.net

borealisbasecamp.com

ebooksites.net

clavicon.net

burshopvarcs.win

neilmedchinhhang.com

allamericandreamcafe.info

floridasingers.com

blockchainworker.com

throneonline.com

newentrepreneurkit.com

tit.group

0s0eightother.men

las6p.com

Targets

    • Target

      Scan 2272020 pdf.exe

    • Size

      852KB

    • MD5

      428f386bf5494f7d8225b89eab98a167

    • SHA1

      161a2a697f2996f516d480cc037ec11a4eb9fd12

    • SHA256

      5bee48b9b0714e3482d4a4ecad39d50ef11f1945fa630599f844bb00b5a48a9f

    • SHA512

      f3d78c119522b2e58434512f43212ad5364e873e9a4e24c86336000d6ee5b58b8a2d56fdbc357210fb102d1661669b505ff0d0e2888746ad46cda769345affca

    • SSDEEP

      12288:0Q/ena6F83r+bPrsdB0L0gazjJsJNulttShwmAlmclnw2y9XsfyCG:3aaFabDs7btHlttqwmDclnwNzCG

    Score
    10/10
    formbookcxsratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks