formbook | 6a0c21a5a37e307becd9ed9bdee0f3f41e3d1a61847a6e9ae272ec891d4f7728 | Triage

Submit
Reports

Overview

overview

Static

static

3

1b02b2110a...18.exe

windows7-x64

1b02b2110a...18.exe

windows10-2004-x64

Sharing

General

Target

1b02b2110a83c75e00319da7df7f1ed3_JaffaCakes118
Size

507KB
Sample

240701-mx2n9sxcqg
MD5

1b02b2110a83c75e00319da7df7f1ed3
SHA1

01ca66b6bd83c1c4e9168767422815b327bfa2a2
SHA256

6a0c21a5a37e307becd9ed9bdee0f3f41e3d1a61847a6e9ae272ec891d4f7728
SHA512

93eee319549c963b9639a1bdf05f872e7834afdbd6fc7167cd40cb579e607e7b212c259cb8aae08190f0c827e0da448903a161f1ae98ee397c38afa8059ac2ce
SSDEEP

12288:pSlQOcPTxF0cvmpJZIxXwWW2WiZnqrw+fuJptW+3e3miUZ:OKTxacvmPZIxjmiFqr/u1LUC

Score

10^/10

formbook ffw evasion rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1b02b2110a83c75e00319da7df7f1ed3_JaffaCakes118.exe

Resource

win7-20240419-en

formbook ffw evasion rat spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1b02b2110a83c75e00319da7df7f1ed3_JaffaCakes118.exe

Resource

win10v2004-20240508-en

formbook ffw evasion rat spyware stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ffw

Decoy

unmutedgenerations.com

localmoversuae.com

centralrea.com

geyyfphzoe.com

silverpackfactory.com

techtronixx.com

shop-deinen-deal.com

buehne.cloud

inspirefreedomtoday.com

chapelcouture.com

easton-taiwan.com

quanaonudep.store

merzigomusic.com

wpzoomin.com

service-lkytrsahdfpedf.com

yeasuc.com

mydogtrainingservice.com

galeribisnisonline.com

cscremodeling.com

bom-zzxx.com

ensobet88.com

vegancto.com

digivisiol.com

advancetools.net

gzqyjd.com

xtgnsl.com

ftfortmyers.com

g-siqueira.com

ufdzbhrxk.icu

tiekotiin.com

youschrutedit.com

takahatadenkikouji.com

goodfastco.com

jtelitetraining.com

planet-hype.com

gigwindow.com

levelxpr.com

besttechmobcomm.info

funneldesigngenie.com

mylisting.cloud

alltwoyou.com

mortgagesandprotection.online

monthlydigest.info

senlangdq.com

postphenomenon.com

slymwhite.com

masonpreschool.com

wahooshop.com

meridiangummies.com

samsungpartsdept.com

saludbellezaybienestar.net

vickifoxproductions.com

shawandwesson.info

nutrepele.com

gorillatanks.com

praktijkinfinity.online

lanteredam.com

refinedmanagement.com

tiwapay.com

fruitsinbeers.com

charliekay.net

realironart.com

sonsofmari.com

kedingtonni.com

evolvekitchendesign.com

Targets

- Target
  
  1b02b2110a83c75e00319da7df7f1ed3_JaffaCakes118
- Size
  
  507KB
- MD5
  
  1b02b2110a83c75e00319da7df7f1ed3
- SHA1
  
  01ca66b6bd83c1c4e9168767422815b327bfa2a2
- SHA256
  
  6a0c21a5a37e307becd9ed9bdee0f3f41e3d1a61847a6e9ae272ec891d4f7728
- SHA512
  
  93eee319549c963b9639a1bdf05f872e7834afdbd6fc7167cd40cb579e607e7b212c259cb8aae08190f0c827e0da448903a161f1ae98ee397c38afa8059ac2ce
- SSDEEP
  
  12288:pSlQOcPTxF0cvmpJZIxXwWW2WiZnqrw+fuJptW+3e3miUZ:OKTxacvmPZIxjmiFqr/u1LUC
Score

10^/10

formbook ffw evasion rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookffwevasionratspywarestealertrojan

behavioral2

formbookffwevasionratspywarestealertrojan

© 2018-2024

Terms | Privacy