formbook | d1a50d7dff2d6e797a91bb21476340b6b6f38149602e78e8c67285e629ab5582 | Triage

Submit
Reports

Overview

overview

Static

static

3

9e96b0ca6a...18.exe

windows7-x64

9e96b0ca6a...18.exe

windows10-2004-x64

Sharing

General

Target

9e96b0ca6af610467e378ce574c46ac8_JaffaCakes118
Size

336KB
Sample

240611-sebm1s1gqr
MD5

9e96b0ca6af610467e378ce574c46ac8
SHA1

f0b6b0ba3b3837ea5045ddc67aca09b30929ba25
SHA256

d1a50d7dff2d6e797a91bb21476340b6b6f38149602e78e8c67285e629ab5582
SHA512

f371a472d328d0c09a714ff4002fed0f85d75971c187f1418adb2524c5787635dccd1b5dba810fe3806ad587bf5030934809777463636ba4792d511787590ee9
SSDEEP

6144:KLRglTOTgZB2LmLqMTU5KJMQPesmX/YmRMW:KLRdTxauMsKaQPtmAmRM

Score

10^/10

formbook he rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9e96b0ca6af610467e378ce574c46ac8_JaffaCakes118.exe

Resource

win7-20240221-en

formbook he rat spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

9e96b0ca6af610467e378ce574c46ac8_JaffaCakes118.exe

Resource

win10v2004-20240508-en

formbook he rat spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

he

Decoy

wwws8884.com

kingofcat.com

tv17890.info

mayohomes.properties

digitaltaj.com

5x000.com

guoguoxiansen.com

712manbetx.com

subastacalicar.com

online-rueckbildung.com

cruisekaribu.com

chaomojia.com

dropmefile.info

cellcity.photography

gmckeeptexasrolling.net

peoplesinc.biz

pi3kinbreastcancer.com

kudstaxi.com

xhtd842.com

saverioscattaglia.com

libertydebtrelief.info

avro504k.net

nock.tech

zdcrrv.info

wzrbjd.com

nickojruddock.com

pushtonews.com

soportecorreos.com

xlzxtx.com

insightplpe.com

newshoppingsexp.com

blrgjx.info

redletterdayco.com

rockskin-furniture.com

azfall17gd.info

lescinemasdumonde.net

thinkle.online

psychotherapie-muenchen.email

curitea.com

doggone-graphics.store

wangxifengmalatang.com

727ca.com

463x.com

erfolgtechnosolutions.com

gddyu.com

bestwritegetessay.technology

jung-car.com

cn85555.com

cuishouke.net

bimaoffice.com

nsphr.com

teatimewithalex.com

logoquiz.solutions

emotional-competence.com

fusezones.com

jsqdhs.com

pole-entreprises.com

nateandnatalie.com

theparisaffair.com

szdqgjj.com

flightstatusnow.com

clipr-group.com

annatae.com

evolvedphotography.com

newraxz.com

Targets

- Target
  
  9e96b0ca6af610467e378ce574c46ac8_JaffaCakes118
- Size
  
  336KB
- MD5
  
  9e96b0ca6af610467e378ce574c46ac8
- SHA1
  
  f0b6b0ba3b3837ea5045ddc67aca09b30929ba25
- SHA256
  
  d1a50d7dff2d6e797a91bb21476340b6b6f38149602e78e8c67285e629ab5582
- SHA512
  
  f371a472d328d0c09a714ff4002fed0f85d75971c187f1418adb2524c5787635dccd1b5dba810fe3806ad587bf5030934809777463636ba4792d511787590ee9
- SSDEEP
  
  6144:KLRglTOTgZB2LmLqMTU5KJMQPesmX/YmRMW:KLRdTxauMsKaQPtmAmRM
Score

10^/10

formbook he rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookheratspywarestealertrojan

behavioral2

formbookheratspywarestealertrojan

© 2018-2024

Terms | Privacy