formbook | 003516e2f71004adc351d3d03f41c642c5f56f9ea1ac4d3369ec51550e69e0f1 | Triage

Submit
Reports

Overview

overview

Static

static

3

f92d115c8a...18.exe

windows7-x64

f92d115c8a...18.exe

windows10-2004-x64

Sharing

General

Target

f92d115c8a7e6a38aade6aad038c49dd_JaffaCakes118
Size

734KB
Sample

240419-bkylasdc8s
MD5

f92d115c8a7e6a38aade6aad038c49dd
SHA1

81aed899b36ca58821b3c7b06ea56a0e8942a433
SHA256

003516e2f71004adc351d3d03f41c642c5f56f9ea1ac4d3369ec51550e69e0f1
SHA512

f2d643ca42490584364dda4610aedb21a7f872f09cdddb9aef43117a61c296f67128314df532ca9360fcb88435ee4e985634c72e29a6767c33b378eefcc1755e
SSDEEP

12288:5N+NSn2iNeHK7zatLJ8FebazVp5VKhsA1dsGlnVIaVr3ySCp1W9+RP:5NMk1b2l4ebaHnKv3sqIaVr4I+

Score

10^/10

formbook xgmi evasion rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f92d115c8a7e6a38aade6aad038c49dd_JaffaCakes118.exe

Resource

win7-20240221-en

formbook xgmi evasion rat spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

f92d115c8a7e6a38aade6aad038c49dd_JaffaCakes118.exe

Resource

win10v2004-20240412-en

formbook xgmi evasion rat spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

xgmi

Decoy

ivouty.icu

bgilroy.com

dgden.com

grosse-schware.com

mandos.tech

deedv.com

the724lab.com

dulcepicor.com

cupsandkids.com

albertafutsal.com

ponthierandson.com

tiendaewin.com

200garden.com

f9753.com

cognitivehearingspecialist.com

pikypets.com

dimestorecowgirlscompany.com

reefervannetwork.com

umf2.com

yoniwater.com

everypottery.com

fedcoinconverter.com

bahisevarmisin.com

psm-gen.com

poweredbymoffitt.com

inbalitz.com

xjrfl.net

newski.info

advertisewithkhia.com

mygloryicon.com

virtual-hub.site

ibrahimkhalifullah.info

tommyohagan.com

sqlnasnuvens.com

saltmarsh.farm

blunetbilisim.xyz

zubat5.xyz

imxiaoanag.club

jahnanshajahan.com

bigdippergift.com

taviegroup.com

xn--h1asdr2a.xn--p1acf

reyexotics.com

themuslimlifecoach.com

performaedu.com

kystores.com

exileakira-ralphscoffee-a.com

enviegal.com

hediyeetbeni.com

weilbaron.com

littlebagsofsunshine.com

reves-rever.info

matchpointents.com

financialfreedom4families.com

stoplamont.com

mrtacobell.com

neatandrocks.com

tridentpeople.com

myblucare.com

easzybreath.info

discountwheelauto.com

poolsnation.com

fletex.express

goodteattirerebates.com

hotbootcampboca.com

Targets

- Target
  
  f92d115c8a7e6a38aade6aad038c49dd_JaffaCakes118
- Size
  
  734KB
- MD5
  
  f92d115c8a7e6a38aade6aad038c49dd
- SHA1
  
  81aed899b36ca58821b3c7b06ea56a0e8942a433
- SHA256
  
  003516e2f71004adc351d3d03f41c642c5f56f9ea1ac4d3369ec51550e69e0f1
- SHA512
  
  f2d643ca42490584364dda4610aedb21a7f872f09cdddb9aef43117a61c296f67128314df532ca9360fcb88435ee4e985634c72e29a6767c33b378eefcc1755e
- SSDEEP
  
  12288:5N+NSn2iNeHK7zatLJ8FebazVp5VKhsA1dsGlnVIaVr3ySCp1W9+RP:5NMk1b2l4ebaHnKv3sqIaVr4I+
Score

10^/10

formbook xgmi evasion rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

formbookxgmievasionratspywarestealertrojan

behavioral2

formbookxgmievasionratspywarestealertrojan

© 2018-2024

Terms | Privacy