formbook | bf84393caee9b769b516681ec8998afe26c22255c405ea9a027608ccf38ea36b | Triage

Submit
Reports

Overview

overview

Static

static

3

13b21115bd...18.exe

windows7-x64

13b21115bd...18.exe

windows10-2004-x64

Sharing

General

Target

13b21115bd414b3cff0365351398e92a_JaffaCakes118
Size

823KB
Sample

240626-2ckbtazgkl
MD5

13b21115bd414b3cff0365351398e92a
SHA1

8a017b7cfc0128c584b64cf8b531e9387a211858
SHA256

bf84393caee9b769b516681ec8998afe26c22255c405ea9a027608ccf38ea36b
SHA512

30681b65911dffd7091ef72e08f0e54197b4f153f89f77590e0d7f714b59066fb95e8861616f44cbcf01b15b148a69bf6dcb02207f73daf2a1ed0067fac0d309
SSDEEP

12288:oLXHsXw4voVatmZZgVm2WCDSZcWl76imBp4EmJi:QXHGTvcA4ZSm2ZymT4EmJi

Score

10^/10

formbook pep agilenet rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

13b21115bd414b3cff0365351398e92a_JaffaCakes118.exe

Resource

win7-20231129-en

formbook pep agilenet rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

13b21115bd414b3cff0365351398e92a_JaffaCakes118.exe

Resource

win10v2004-20240508-en

formbook pep agilenet rat spyware stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pep

Decoy

whitelabelgraphics.pro

futureguidefilms.com

mission-duplex.com

rutherealty.com

acehardwaremall.com

potenb.com

tbhawt.com

momentum-ip.group

m8sr8s.com

cfwagner.com

umiyama-eri.com

klantenvinden.com

simplycasd.com

visionhomerecruiting.com

inkjet-material.com

banking-aib.com

fast1performance.com

eventsbyja.com

breuer.network

smartecelectronics.com

vtbunkie.com

lexingtonclarke.com

ayintapbaklava.com

sugarstyleearrings.com

caiyanxi.com

the2mblueprint.com

bakldx.com

7choicesar.com

jesusencounterminisries.com

lamptail.com

bobkeet.com

chasingplanet.com

obernix.com

managementgpus.mobi

tcunionnet.com

hydzonised.com

jennie-espy.com

animeinkcon.com

hesovery.cool

bvilifemagazine.com

medicareworldnewsreport.net

zdrowykon.com

atenmedilatam.com

dlasso.com

7si3.com

seasonedsupport.com

29essentials.com

cnpuhang.com

yyaa2.net

neocareadvisory.com

tblsportshoes.com

chohub.com

initiationpodcast.com

architex.info

jamietylerlee.com

diusae.com

sun-go24.com

rfeap.com

safunerepublic.com

juanluanzi.com

neptuneribs.com

defocasc.com

tatilingerie.com

all-env.com

triumphantlytransformedbk.com

Targets

- Target
  
  13b21115bd414b3cff0365351398e92a_JaffaCakes118
- Size
  
  823KB
- MD5
  
  13b21115bd414b3cff0365351398e92a
- SHA1
  
  8a017b7cfc0128c584b64cf8b531e9387a211858
- SHA256
  
  bf84393caee9b769b516681ec8998afe26c22255c405ea9a027608ccf38ea36b
- SHA512
  
  30681b65911dffd7091ef72e08f0e54197b4f153f89f77590e0d7f714b59066fb95e8861616f44cbcf01b15b148a69bf6dcb02207f73daf2a1ed0067fac0d309
- SSDEEP
  
  12288:oLXHsXw4voVatmZZgVm2WCDSZcWl76imBp4EmJi:QXHGTvcA4ZSm2ZymT4EmJi
Score

10^/10

formbook pep agilenet rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

formbookpepagilenetratspywarestealertrojan

behavioral2

formbookpepagilenetratspywarestealertrojan

© 2018-2024

Terms | Privacy