General

  • Target

    e5499b1ba3f0708bf02685a5d8615f86_JaffaCakes118

  • Size

    744KB

  • Sample

    240407-s9q17afh8y

  • MD5

    e5499b1ba3f0708bf02685a5d8615f86

  • SHA1

    4f50a2c9acd8b45589fe79423f59735fe8e0e5df

  • SHA256

    032c66d81ce4a924a55d617dffa477aa00585353bcb9a5737a41130cfbe0d054

  • SHA512

    d5e09da1485faab13bd36f2cd265791ca42fe7bfe00ef65b6efc402d3c8100ac49ede313aa803432a0690f55e4b6dd7bacd11f24c3429abdb7a6facf5df0b5bd

  • SSDEEP

    12288:gEYMt4NZddWiui/HFtZ0dg9p+RkArg/KS1OsjQ4W10HK7zaWnPDmy1COQ2b9A87M:mLH9p2gwZFLPiy1lJcmhyXkwoAEpAqH0

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    o4ms

  • Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                 Technique                      Count  ID
Execution              Scheduled Task/Job             1      T1053
Persistence            Scheduled Task/Job             1      T1053
Privilege Escalation   Scheduled Task/Job             1      T1053
Discovery              Query Registry                 1      T1012
Discovery              System Information Discovery   2      T1082

Tasks