formbook | 97fbf9d45d2a295a9bd6a3666311da6c552993addf93c3e87d9e57c84c39a234 | Triage

Submit
Reports

Overview

overview

Static

static

3

bbcb0c05b9...18.exe

windows7-x64

bbcb0c05b9...18.exe

windows10-2004-x64

Sharing

General

Target

bbcb0c05b905a651f576be8bf298ce53_JaffaCakes118
Size

441KB
Sample

240618-n3c4jawgqm
MD5

bbcb0c05b905a651f576be8bf298ce53
SHA1

0e4db794bb8e7f586c6bb86f775dae90704fa5e3
SHA256

97fbf9d45d2a295a9bd6a3666311da6c552993addf93c3e87d9e57c84c39a234
SHA512

2e830e58d831b55d20ea9961023c66ad8e6873e6352b526960cea0802b5243212098a0b48a648d9a563d4603b85ce4c9e3f98d997ad10c04aa11c83fa4eab3a6
SSDEEP

6144:1El2Nt5vw0cmuypyyv0NZ42COv8XmTjkLm8nfsxF7wjimtzZ:1U2pw0eypyq0Qm82vkLnfOOimt

Score

10^/10

formbook h321 agilenet rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bbcb0c05b905a651f576be8bf298ce53_JaffaCakes118.exe

Resource

win7-20240611-en

formbook h321 agilenet rat spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

bbcb0c05b905a651f576be8bf298ce53_JaffaCakes118.exe

Resource

win10v2004-20240508-en

formbook h321 agilenet rat spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

h321

Decoy

localchildbirth.info

greatamericanstudentssa.com

eatcoin.net

leikaiclothong.com

lovingmylife.company

akademiatenisaorzel.info

sy-adm.com

cartoons.group

johnandscotto.com

finalize0.com

sxtaibaifen.com

decarttasarim.com

yourboxshipped.net

processandprosper.com

mallorca-nightlive.com

qchj518.com

hc6hlnxeue.biz

lotochain.com

mettlesom.net

labratbrewing.com

examclasses.loan

paulhumber.com

eiwallet.com

15106882267.com

yzyx66.com

xn--e-yi0b98kvq2c.com

estateagentblogs.com

hashrush.info

yinuxw.info

mathehelden.info

buildersxchange.com

paulanavarro.info

bijoux-fantaisie-argent.net

fvaaevc.com

transfermalagamarbella.com

buqianmao.com

donkisotkitapkafe.com

edithelpers.com

warmia-dom.com

actongenetics.com

slim-cup.com

dirndl-princess.net

superori.com

xituanyuanhm.com

n01.tech

945yanshuang.com

jtmnk.com

mebeland.net

multitranslinkcourier.com

brunchforacausegreenville.com

here4you.online

554027.top

realprogressaustralia.com

signsofswfl.com

ourcrazyveterans.com

bosanjadikaryawan.com

9ldhh.info

musicsiren.com

parsaacollection.com

smart-liquids.com

strafbeschikkingverzet.com

katataktiriesnomikis.com

fengxingyizhan.com

15055304405.com

hacdop.com

Targets

- Target
  
  bbcb0c05b905a651f576be8bf298ce53_JaffaCakes118
- Size
  
  441KB
- MD5
  
  bbcb0c05b905a651f576be8bf298ce53
- SHA1
  
  0e4db794bb8e7f586c6bb86f775dae90704fa5e3
- SHA256
  
  97fbf9d45d2a295a9bd6a3666311da6c552993addf93c3e87d9e57c84c39a234
- SHA512
  
  2e830e58d831b55d20ea9961023c66ad8e6873e6352b526960cea0802b5243212098a0b48a648d9a563d4603b85ce4c9e3f98d997ad10c04aa11c83fa4eab3a6
- SSDEEP
  
  6144:1El2Nt5vw0cmuypyyv0NZ42COv8XmTjkLm8nfsxF7wjimtzZ:1U2pw0eypyq0Qm82vkLnfOOimt
Score

10^/10

formbook h321 agilenet rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

formbookh321agilenetratspywarestealertrojan

behavioral2

formbookh321agilenetratspywarestealertrojan

© 2018-2024

Terms | Privacy