formbook | 76c5f5e72040b7558eb45e8bf87a551f7ccbd67440b4b7ede1a62e579f69f4de | Triage

Submit
Reports

Overview

overview

Static

static

3

b745c75293...18.exe

windows7-x64

b745c75293...18.exe

windows10-2004-x64

Sharing

General

Target

b745c75293702c7e47b3c1cafea29d65_JaffaCakes118
Size

578KB
Sample

240617-hlnaaaygjb
MD5

b745c75293702c7e47b3c1cafea29d65
SHA1

51b09d18da82e065b48e79c8ca1a53a00219b62c
SHA256

76c5f5e72040b7558eb45e8bf87a551f7ccbd67440b4b7ede1a62e579f69f4de
SHA512

9eb5d3952a60e094fb370b9f479a6c1a7cdc7fe9d0f3ea445c4e76750f829b819e628c396b31343833e03584882ecfc0676ee3a9f92e90b53600cb5cde6ddc26
SSDEEP

12288:tS2a83T3IKwfUu2iKepGZIHsgEUkVyn3TcWItO:tVd3TYr6IpGJgTwynjcW8O

Score

10^/10

formbook el agilenet rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b745c75293702c7e47b3c1cafea29d65_JaffaCakes118.exe

Resource

win7-20240611-en

formbook el agilenet rat spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b745c75293702c7e47b3c1cafea29d65_JaffaCakes118.exe

Resource

win10v2004-20240611-en

formbook el agilenet rat spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

el

Decoy

visioncorp.biz

ligriefrelief.com

yadtika.com

tradiscovery.com

merrittandstyle.com

tongcheng.ltd

omclove.com

gronnbygg.com

mragenciesindia.com

14u4.com

thewatchmart.online

urlaubsvideos.net

fmud.ltd

500proxy.online

nisargsangitagrotourism.com

qyygame.com

childhaus.com

431opebet.com

nlpu4n8r41.biz

phoebus-tech.com

butlerboergoats.com

xiangyueba.com

ichirakus.com

agenlampulalulintas.com

263shop.com

5mzmy.com

hulanwang099.com

alexanderhaye.com

raccal.info

streetsurface.com

tenhofe.com

6582365.com

guratnqdk.com

support-secure-login.com

babyfeedingmats.com

sxlexue.com

porschespalette.com

sxxazs.com

thai-blogs.life

ituklifeinsuranceok.live

cdn-network26-server2.biz

6liuwei.site

oyku.online

goodcausetshirts.com

bbb703.com

tjfcjflaw.com

shape-magazine.site

isotecnik.com

divercode.com

dijongfood.com

italiacuoremio.com

ddiplomata.com

andalibh.com

jbwrfi.faith

additivepass.com

buildmeadream.com

pureandfriendly.com

rdv-oyats.com

heidis-reinigungsservicecom.com

hunli.ink

walnutcreekcalawservices.com

stayabovetheclouds.com

789899.net

xqrunr.com

aboutyd.com

Targets

- Target
  
  b745c75293702c7e47b3c1cafea29d65_JaffaCakes118
- Size
  
  578KB
- MD5
  
  b745c75293702c7e47b3c1cafea29d65
- SHA1
  
  51b09d18da82e065b48e79c8ca1a53a00219b62c
- SHA256
  
  76c5f5e72040b7558eb45e8bf87a551f7ccbd67440b4b7ede1a62e579f69f4de
- SHA512
  
  9eb5d3952a60e094fb370b9f479a6c1a7cdc7fe9d0f3ea445c4e76750f829b819e628c396b31343833e03584882ecfc0676ee3a9f92e90b53600cb5cde6ddc26
- SSDEEP
  
  12288:tS2a83T3IKwfUu2iKepGZIHsgEUkVyn3TcWItO:tVd3TYr6IpGJgTwynjcW8O
Score

10^/10

formbook el agilenet rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

formbookelagilenetratspywarestealertrojan

behavioral2

formbookelagilenetratspywarestealertrojan

© 2018-2024

Terms | Privacy