Overview

overview

10

Static

static

3

18675bbfe2...18.exe

windows7-x64

7

18675bbfe2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    18675bbfe27a96c3e8e535c98abcade3_JaffaCakes118

  • Size

    346KB

  • Sample

    240505-tjpacahf44

  • MD5

    18675bbfe27a96c3e8e535c98abcade3

  • SHA1

    e8b0bba34a3da2e7b66c6a9eb85ef5bcd85b6dd8

  • SHA256

    1b21bf525993b2b88806225746546439bb83c2e14061b96549b97f486fdac241

  • SHA512

    12660d7129bbbf4dbf2fb4b93c13a45e7287b4b095e2a3ac81f264cf35bc93ac1e4efc2781bbb53794ef3431639326b5ddee93e7bf379e833ef74cd0b10ca920

  • SSDEEP

    6144:4aBzukSHPYKBWaBqVQ4JQO8JBCciwfHGgGovnG:B65HSaB8Q4Jt8JfiC/G

Score
10/10
formbookyoagilenetratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

yo

Decoy

creditformula.net

marketingwo.com

xn--w9q221mxha.com

mandanudes.com

dignity.exchange

outdooreveryday.com

legalandmedicaltranslations.com

grassrootsheals.com

voranado.com

thedayofficial.com

xn--6cs32cp56d.com

paketwisata.info

2b.church

konzerthausmuc.com

analytics-scanner.com

bodyperceptiontreatment.com

katyastan.com

ldede.win

eqy7g0.win

ewyurija.win

Targets

    • Target

      18675bbfe27a96c3e8e535c98abcade3_JaffaCakes118

    • Size

      346KB

    • MD5

      18675bbfe27a96c3e8e535c98abcade3

    • SHA1

      e8b0bba34a3da2e7b66c6a9eb85ef5bcd85b6dd8

    • SHA256

      1b21bf525993b2b88806225746546439bb83c2e14061b96549b97f486fdac241

    • SHA512

      12660d7129bbbf4dbf2fb4b93c13a45e7287b4b095e2a3ac81f264cf35bc93ac1e4efc2781bbb53794ef3431639326b5ddee93e7bf379e833ef74cd0b10ca920

    • SSDEEP

      6144:4aBzukSHPYKBWaBqVQ4JQO8JBCciwfHGgGovnG:B65HSaB8Q4Jt8JfiC/G

    Score
    10/10
    agilenetformbookyoratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks