formbook

General

Target

ebee31991b156db114ab560139198d8f_JaffaCakes118
Size

791KB
Sample

240410-zbph2aea2x
MD5

ebee31991b156db114ab560139198d8f
SHA1

59326bdcd208d288adbe67690e1dbeec0da26722
SHA256

3334766a549149bb18921ea6d05343412c99d36b57e3993b7610dfe689f5f194
SHA512

c2cb8649d644b394437a76fc34ef6fbda2a020fb565a0f457e2df41d5dec1c6bba26eaefd25d78c82964d43320a393b40728037672d14bd236893043b180744d
SSDEEP

12288:eBfMjmtiNSmyDmJomIyx8OyHpBvygTUxiGwD0Pu0sIPWfZ4OU8IqxucBLC9J:eBtnpBvygA8LUHFr0O9J

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

glgd

Decoy

cdcbullies.com

qidajixie.com

bgimlv.com

sunflowerhybrid.com

kemal.cloud

canadadirect.net

mickey2nd.com

fastjobssearcher.com

tiny-tobi.com

inmedixequus.com

coollifeideas.com

triadelectronicsupply.com

lambyo.com

zxyoo.com

spokanemusicmag.com

sortporn.com

deadroomnyc.com

313mail.com

hexiptv.net

stanbiccargo-express.com

Targets

- Target
  
  ebee31991b156db114ab560139198d8f_JaffaCakes118
- Size
  
  791KB
- MD5
  
  ebee31991b156db114ab560139198d8f
- SHA1
  
  59326bdcd208d288adbe67690e1dbeec0da26722
- SHA256
  
  3334766a549149bb18921ea6d05343412c99d36b57e3993b7610dfe689f5f194
- SHA512
  
  c2cb8649d644b394437a76fc34ef6fbda2a020fb565a0f457e2df41d5dec1c6bba26eaefd25d78c82964d43320a393b40728037672d14bd236893043b180744d
- SSDEEP
  
  12288:eBfMjmtiNSmyDmJomIyx8OyHpBvygTUxiGwD0Pu0sIPWfZ4OU8IqxucBLC9J:eBtnpBvygA8LUHFr0O9J
Score

10^/10

formbook glgd agilenet rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Obfuscated with Agile.Net obfuscator

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2