formbook | 9cd82d6a35b48112a4e99f0cbdbd3a18df7738082d7f40f24274debfc5688ec4 | Triage

Submit
Reports

Overview

overview

Static

static

3

b29ab9daed...18.exe

windows7-x64

b29ab9daed...18.exe

windows10-2004-x64

Sharing

General

Target

b29ab9daeda57a7b9494bf50e37b556c_JaffaCakes118
Size

1.5MB
Sample

240616-kke9ds1bnj
MD5

b29ab9daeda57a7b9494bf50e37b556c
SHA1

c97d6f7ebda204b6411a00e8fb3b4fd80e62cc33
SHA256

9cd82d6a35b48112a4e99f0cbdbd3a18df7738082d7f40f24274debfc5688ec4
SHA512

563f8344cddd5b02e9a7da0f11358f3f07a977ac21f1555a45f1d817315d9cdea5c87fc43dba8fc2a59b14e150ae33bb460c7ccdfabe428b14e0413fdeaa0719
SSDEEP

24576:lOs6umvEsVB7VzuVB9ejCEvbJ1DZfx3LCkwR2cLh62MpeycxEYY1pSlr3DV8bxO3:B0Dfx3LvcLh62GeqYY1E9/

Score

10^/10

formbook cmg rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b29ab9daeda57a7b9494bf50e37b556c_JaffaCakes118.exe

Resource

win7-20240508-en

formbook cmg rat spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b29ab9daeda57a7b9494bf50e37b556c_JaffaCakes118.exe

Resource

win10v2004-20240508-en

formbook cmg rat spyware stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cmg

Decoy

8936199.com

caneryis.com

kkambo.net

lifecoachwoman.com

kardus6.xyz

larvashop.net

stapelskerstbomen.com

dropofluxe.com

1089konstanzter.com

simplelovedlife.com

manderley-condos.com

xexpressx.com

cheshuntcomp.com

chinazhenzhu.com

autoaccessoriesusainc.com

luccagamesawards.com

edwardguimont.com

aljawaheer.com

rootforequality.com

premiumtechiessupport.xyz

ix1e.com

ravomail.com

fastroot.club

fortnitecup.space

47.holdings

northminute.com

cenitcard.com

yumnamccann.com

irelandjoy.com

ohayouapp.com

iaimorganic.com

essecehealthcareotc.com

esanjor.online

shabdhan.com

ipatch.pro

makeassociation.com

promstudios.com

vocenaviagem.com

quanahsays.com

trousersport.guru

stickerzy.club

get4gbroadband.com

txtecnic.com

pricescuisinecrinak.com

clicdrone.com

oxbstwnm.icu

helloboysonline.com

amibagusa.com

igrowtr.com

microbladingpamplona.com

usabakk.com

talent-partner.com

messi-and-ronaldo.com

nwslot.com

beaconpointeportage.care

uciabwd.com

playredpandagames.com

clearyt.com

sonakshidhamija.com

mantinakliyat.com

amusic11.com

salonboardshop.com

nughte.club

kayparkermilf.com

shizukis2.com

Targets

- Target
  
  b29ab9daeda57a7b9494bf50e37b556c_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  b29ab9daeda57a7b9494bf50e37b556c
- SHA1
  
  c97d6f7ebda204b6411a00e8fb3b4fd80e62cc33
- SHA256
  
  9cd82d6a35b48112a4e99f0cbdbd3a18df7738082d7f40f24274debfc5688ec4
- SHA512
  
  563f8344cddd5b02e9a7da0f11358f3f07a977ac21f1555a45f1d817315d9cdea5c87fc43dba8fc2a59b14e150ae33bb460c7ccdfabe428b14e0413fdeaa0719
- SSDEEP
  
  24576:lOs6umvEsVB7VzuVB9ejCEvbJ1DZfx3LCkwR2cLh62MpeycxEYY1pSlr3DV8bxO3:B0Dfx3LvcLh62GeqYY1E9/
Score

10^/10

formbook cmg rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookcmgratspywarestealertrojan

behavioral2

formbookcmgratspywarestealertrojan

© 2018-2024

Terms | Privacy