General

  • Target

    28f253dd70ec114954cb9720bc2e833b_JaffaCakes118

  • Size

    524KB

  • Sample

    240329-wkztkseh38

  • MD5

    28f253dd70ec114954cb9720bc2e833b

  • SHA1

    89bbf2aad3258e47a338d0344509fd051cac842c

  • SHA256

    51b54616de868dfaa1addcc28e0ca99f66a061de672858c2cdccafcce04aa335

  • SHA512

    15b8d8afd9eaf879dd2587dd923b481c7de71653b49f7c0adb91e253d276a92661721bf552c18ec5243e1f10078f8d09b5d2e1bacbc0f5f364cf4a8d3857848c

  • SSDEEP

    12288:AUi2iNekn+gWfltKCgfNQoJNu7OcJeDWh5lgCFI:AUi1Qk1Wn6aNYDW9

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oy1n

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family that harvests information from the infected host.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job (1): T1053

  • Persistence

    Scheduled Task/Job (1): T1053

  • Privilege Escalation

    Scheduled Task/Job (1): T1053

  • Discovery

    Query Registry (1): T1012

    System Information Discovery (2): T1082

Tasks