formbook | e9c75f9f951a7bcfbd1920d431ccc152b46e47af8b79e9040e95cb33402d017e | Triage

Submit
Reports

Overview

overview

Static

static

3

a3553c3a25...18.exe

windows7-x64

a3553c3a25...18.exe

windows10-2004-x64

Sharing

General

Target

a3553c3a25028d72c2e0b256c566fc62_JaffaCakes118
Size

881KB
Sample

240613-bplgjasemp
MD5

a3553c3a25028d72c2e0b256c566fc62
SHA1

8396247cd7f45565ceea3e40bfec58081761d510
SHA256

e9c75f9f951a7bcfbd1920d431ccc152b46e47af8b79e9040e95cb33402d017e
SHA512

2ac529bf6141b147eefe04db1065dc2d40ca8ee71d1210184e40e6cb3add1f6dad82e876ccde0c4034545341dc3d6b61ebb12e77353fd19d38821ea8ae3b78f6
SSDEEP

24576:f2O/GlVZNLsi1BOLQN0QeznLOCLs2lQlZP69e1:cZVWLSGznuri94

Score

10^/10

formbook eb persistence rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a3553c3a25028d72c2e0b256c566fc62_JaffaCakes118.exe

Resource

win7-20240508-en

formbook eb rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a3553c3a25028d72c2e0b256c566fc62_JaffaCakes118.exe

Resource

win10v2004-20240611-en

formbook eb persistence rat spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

eb

Decoy

mainstreamhosting.biz

warp-speed.email

valkyrieuav.com

darlingweekends.com

beyazs.com

kreasidesain.com

trod.ltd

njbarberbattle.com

mono.guru

danacoquangnam.com

acuaspring.store

quiclkiestores.com

indycdandvinyl.net

innovation-quest.info

myyoutubevidz.com

findmysuperhero.com

clipvuicuoi.com

hemerasexperience.com

meganoti.com

hoezpa.men

parustraffic.com

franklingoldmann.com

918nlev8.com

seismiccoin.com

kevin-vargas.com

masterfid.com

aprivate.network

stages.wales

scpxlw.info

virtualrare.com

steamedxxx.com

theselftaughtseamstress.com

awsdba.com

rebertarim.com

aafulong.com

hhhav49491.com

yup-igoingg.com

buckeyetastethetraditions.com

man630.com

onlinesubsea.com

soundscrystalsvibrations.com

circlelick.net

itouch017.com

jungtong.com

imperiolola.com

astro-lelab.com

cameltrains.com

miwue.com

lsyxgc.com

vatconsultancyuae.com

makealivingfromyourcouch.com

etbsa-drones.com

13z5.com

1s2l3l.com

internetmarketinglifestyles.com

zghongsp.com

quantumagora.com

frankomondiportfolio.com

alphapartysupplyrental.com

draracelytv.com

portogusx.com

thistlekidswear.com

jesisojolikol.com

raydatas.com

ntwireds.com

Targets

- Target
  
  a3553c3a25028d72c2e0b256c566fc62_JaffaCakes118
- Size
  
  881KB
- MD5
  
  a3553c3a25028d72c2e0b256c566fc62
- SHA1
  
  8396247cd7f45565ceea3e40bfec58081761d510
- SHA256
  
  e9c75f9f951a7bcfbd1920d431ccc152b46e47af8b79e9040e95cb33402d017e
- SHA512
  
  2ac529bf6141b147eefe04db1065dc2d40ca8ee71d1210184e40e6cb3add1f6dad82e876ccde0c4034545341dc3d6b61ebb12e77353fd19d38821ea8ae3b78f6
- SSDEEP
  
  24576:f2O/GlVZNLsi1BOLQN0QeznLOCLs2lQlZP69e1:cZVWLSGznuri94
Score

10^/10

formbook eb rat spyware stealer trojan persistence
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookebratspywarestealertrojan

behavioral2

formbookebpersistenceratspywarestealertrojan

© 2018-2024

Terms | Privacy