Overview

overview

10

Static

static

3

204425d3c3...18.exe

windows7-x64

10

204425d3c3...18.exe

windows10-2004-x64

10

$PLUGINSDI...ep.dll

windows7-x64

10

$PLUGINSDI...ep.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    204425d3c32bcb225060b2a9ada2ea80_JaffaCakes118

  • Size

    672KB

  • Sample

    240329-m3l6rsfc6v

  • MD5

    204425d3c32bcb225060b2a9ada2ea80

  • SHA1

    7059ea5532745e59e335df047ce32aeba0966712

  • SHA256

    36b057fd0a44652f98ea54100f4f485ee743bd00b52400937fbd976a346d3192

  • SHA512

    579b40c6a1615a9c8e2442abd521068b5e67293b35803013c20d9b2fa329941d37f30fc29f4f0aa53c98c9f061ec3e5ff1ba6087b599d01ad34849d0b9393360

  • SSDEEP

    6144:BBlL/tT3xo4fd/4wO5A2ibMYMWExSt53XuidCLTcHo0IWKUDUGpYn+QmTKb2bUk4:HfTmMbM2ExaNHaTd0IWXDUGpYVm2KAr

Score
10/10
formbookdn7rratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn7r

Decoy

eventphotographerdfw.com

thehalalcoinstaking.com

philipfaziofineart.com

intercoh.com

gaiaseyephotography.com

chatbotforrealestate.com

lovelancemg.com

marlieskasberger.com

elcongoenespanol.info

lepirecredit.com

distribution-concept.com

e99game.com

exit11festival.com

twodollartoothbrushclub.com

cocktailsandlawn.com

performimprove.network

24horas-telefono-11840.com

cosmossify.com

kellenleote.com

perovskite.energy

Targets

    • Target

      204425d3c32bcb225060b2a9ada2ea80_JaffaCakes118

    • Size

      672KB

    • MD5

      204425d3c32bcb225060b2a9ada2ea80

    • SHA1

      7059ea5532745e59e335df047ce32aeba0966712

    • SHA256

      36b057fd0a44652f98ea54100f4f485ee743bd00b52400937fbd976a346d3192

    • SHA512

      579b40c6a1615a9c8e2442abd521068b5e67293b35803013c20d9b2fa329941d37f30fc29f4f0aa53c98c9f061ec3e5ff1ba6087b599d01ad34849d0b9393360

    • SSDEEP

      6144:BBlL/tT3xo4fd/4wO5A2ibMYMWExSt53XuidCLTcHo0IWKUDUGpYn+QmTKb2bUk4:HfTmMbM2ExaNHaTd0IWXDUGpYVm2KAr

    Score
    10/10
    formbookdn7rratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/ejxtxep.dll

    • Size

      35KB

    • MD5

      04b0a2f77eaa9e7ae4b8b64dbbb75919

    • SHA1

      54cdfbfb1d1fb9aedde9b24d91b164d3034d585b

    • SHA256

      aa486b35bed54d5574bb3aa10cfb43f124fe23e950eb0572f6e5037f54079025

    • SHA512

      fb8c2182c6874b949153f9d29fb40bc522073c639ce02238afa2e0cd121f5ddfdcff9d5d02f304140f941ab6ddbd8b2fadd5f71ad4b445ed18d36960c00c8e75

    • SSDEEP

      384:fBLnOdRSzQjjzfR0WqhWd2tHBZMW3JNSx938rbfOwIu+Fn1:f8dGQjjzpXXd2tHBZMW3JNSx9MruFn

    Score
    10/10
    formbookdn7rratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks