formbook | 40a35fc445ad1fc7075970dc0f3d650ca1acceda71bf4d882e7403e3ef2b2896 | Triage

Submit
Reports

Overview

overview

Static

static

3

b1476a5884...18.exe

windows7-x64

b1476a5884...18.exe

windows10-2004-x64

Sharing

General

Target

b1476a5884e12126481a80a2342a71c5_JaffaCakes118
Size

803KB
Sample

240616-cn2b2avgqe
MD5

b1476a5884e12126481a80a2342a71c5
SHA1

2e3d833cff9ce52aa215fbb3f05be770ccfaea8a
SHA256

40a35fc445ad1fc7075970dc0f3d650ca1acceda71bf4d882e7403e3ef2b2896
SHA512

660150236f91c95369f2fc9d1af3880d210512bacd9856c68a087ac24d15923a0a711413f068e1566617529656ad70e290f7d8f34fcfa92c9ca1354f817ae5db
SSDEEP

6144:EpEc6LLqTnBsutsDn4Bn0lJe38COv8XmTjkLm8nfsxF7wjim/vhcJvJwbZz:EyPL+D6700lWM82vkLnfOOim31bZ

Score

10^/10

formbook dg1 agilenet rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b1476a5884e12126481a80a2342a71c5_JaffaCakes118.exe

Resource

win7-20240611-en

formbook dg1 agilenet rat spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b1476a5884e12126481a80a2342a71c5_JaffaCakes118.exe

Resource

win10v2004-20240508-en

formbook dg1 agilenet rat spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

dg1

Decoy

pilatesmania.life

5bcoin.com

ammowillcall.com

quickwinz.market

terigele.com

sohotoken.com

tielingwww.site

lz2b3.info

norisc.com

digitalkonsultan.com

925manbetx.com

laricipark.com

quantum7nutrition.com

xceedcg.com

hanagel.com

cane91.download

iotadocker.com

brackenupholstery.com

erfolg-sichern.online

bihuorg.com

julieannemonroe.com

plazalascanas.com

howtodobooks.com

tamsonphotography.city

come-and-read.com

greenbirdeventsnj.com

globalcurrency.money

sunflowersecrets.com

xishencun.com

marcjacobsoutletco.com

creep.directory

studionineyoga.com

yexe.ltd

yz330.com

style-still.com

htdxxv.info

desatlogoblitar.com

kaptenkerang.com

lgh-light.com

rapidproto-expert.com

nail-boo.info

tamvandatranghuy.com

lfmean.com

energgy.tech

vj8ehq.info

ucesi.com

allfiwaterjet.com

nfjqbgja.com

wwnjx.com

03k8qo.info

united-ush.com

www231789.com

ceips.info

888coins.info

tcamersfoorteemvallei.com

healthyphy.com

moisturemasks.com

skepscape.com

chameleon-storytelling.com

shopbrunchwiththegirls.com

swty00555.com

cyanoestudio.com

lcoise.men

seaholidays.info

elsbouse.com

Targets

- Target
  
  b1476a5884e12126481a80a2342a71c5_JaffaCakes118
- Size
  
  803KB
- MD5
  
  b1476a5884e12126481a80a2342a71c5
- SHA1
  
  2e3d833cff9ce52aa215fbb3f05be770ccfaea8a
- SHA256
  
  40a35fc445ad1fc7075970dc0f3d650ca1acceda71bf4d882e7403e3ef2b2896
- SHA512
  
  660150236f91c95369f2fc9d1af3880d210512bacd9856c68a087ac24d15923a0a711413f068e1566617529656ad70e290f7d8f34fcfa92c9ca1354f817ae5db
- SSDEEP
  
  6144:EpEc6LLqTnBsutsDn4Bn0lJe38COv8XmTjkLm8nfsxF7wjim/vhcJvJwbZz:EyPL+D6700lWM82vkLnfOOim31bZ
Score

10^/10

formbook dg1 agilenet rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

formbookdg1agilenetratspywarestealertrojan

behavioral2

formbookdg1agilenetratspywarestealertrojan

© 2018-2024

Terms | Privacy