General

  • Target

    569af2bcbe4f025c5d52cd278436b97f_JaffaCakes118

  • Size

    325KB

  • Sample

    240518-y456tadf7v

  • MD5

    569af2bcbe4f025c5d52cd278436b97f

  • SHA1

    f502c6fc7e27a44eb4c093e779ddf1cc24799ba8

  • SHA256

    95e30f7b010a0d205c7e7f1cf40d9ff55640c0f342daff1d47953fc32ee1bf31

  • SHA512

    a3b66794498b166aade084755f78a7fc83da0f38489bec927a0a157cee3f2066ebe46833384877a75538c0394e5020f8dad0529e431aee2d64b5408fd9148587

  • SSDEEP

    6144:UWjAszmAuOBTNlwBYHWxFWK9YSsxzBDc0oMcySfi5fX7RQXrDA:5jAszbuOBTNlwqHWxJtKRc0oTdAa0

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

pea

Decoy

dadufu2011.com

aiqylw.com

nexteer.tech

lowellselvin.net

scoreretirementcommunity.com

7aonsc.com

poe-tools.site

wwwjinsha675.com

kyntenslocum.com

crazygore.com

wecreate.tech

oakmontappraisalcompany.com

aylaham.net

asianrecruitmentconsultants.com

hr-ziilabs.com

unwindthemind.biz

drivewaypatiocleaning.com

blekete.com

csfengsu.com

neuralmeshes.com
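A way to use the extracted domain list for hunting, as an added example (this is not Triage's code or anything from the sample); the log format below is constructed for the example and the parser is an assumption to adapt to your resolver's output:

```python
"""Hunt a DNS query log for the Formbook domains extracted above.

Added example; not Triage's code or Formbook's. The log format is a
constructed one (timestamp, client IP, query type, query name); adapt the
parser to your resolver's format.
"""
from __future__ import annotations

# Domains copied verbatim from the report's "Decoy" list.
FORMBOOK_DOMAINS = frozenset({
    "dadufu2011.com", "aiqylw.com", "nexteer.tech", "lowellselvin.net",
    "scoreretirementcommunity.com", "7aonsc.com", "poe-tools.site",
    "wwwjinsha675.com", "kyntenslocum.com", "crazygore.com", "wecreate.tech",
    "oakmontappraisalcompany.com", "aylaham.net",
    "asianrecruitmentconsultants.com", "hr-ziilabs.com", "unwindthemind.biz",
    "drivewaypatiocleaning.com", "blekete.com", "csfengsu.com",
    "neuralmeshes.com",
})


def normalize(host: str) -> str:
    """Lowercase, drop a trailing dot (FQDN form) and any port suffix."""
    return host.strip().rstrip(".").lower().split(":")[0]


def matching_ioc(host: str, iocs: frozenset[str] = FORMBOOK_DOMAINS) -> str | None:
    """Return the IOC that `host` equals or is a subdomain of, else None.

    Matching is done on whole DNS labels, so 'www.blekete.com' hits
    'blekete.com' but 'notblekete.com' does not (a substring check would).
    """
    labels = normalize(host).split(".")
    for i in range(len(labels) - 1):          # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_dns_log(text: str) -> list[tuple[str, str, str, str]]:
    """Return (timestamp, client, query_name, matched_ioc) for every hit."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or line.startswith("#"):
            continue                           # skip blanks, comments, junk
        ts, client, _qtype, qname = fields[:4]
        ioc = matching_ioc(qname)
        if ioc:
            hits.append((ts, client, normalize(qname), ioc))
    return hits


# Constructed sample log, not real traffic.
SAMPLE_DNS_LOG = """\
# ts client qtype qname
2024-05-18T12:00:01Z 10.0.0.5 A www.blekete.com.
2024-05-18T12:00:02Z 10.0.0.5 A update.microsoft.com.
2024-05-18T12:00:03Z 10.0.0.9 A NEXTEER.TECH
2024-05-18T12:00:04Z 10.0.0.9 A notblekete.com.
"""

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("%s %s queried %s (IOC: %s)" % hit)
```

Treat a hit as a lead to correlate with endpoint telemetry rather than a block decision on its own: Triage labels these hostnames "Decoy" because Formbook embeds its real command-and-control domain among decoys that it also contacts, and some decoys are live sites unrelated to the campaign.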

Targets

    • Target

      569af2bcbe4f025c5d52cd278436b97f_JaffaCakes118

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials, keystrokes and browser form data and reports to a command-and-control server whose real domain is hidden among the decoy hostnames in its configuration.

    • Formbook payload

    • Drops startup file

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
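Two of the behaviours flagged above, the startup-file drop and the use of the compiler as an execution host, can be turned into endpoint hunting rules. The block below is an added example, not Triage's signature logic or code from the sample; the event schema, the reading of "VBS compiler" as vbc.exe (the .NET Visual Basic command-line compiler that Formbook samples are widely reported to hollow out) and the allowlist of legitimate parents are all assumptions:

```python
"""Endpoint hunting rules for the behaviours flagged in the report above.

Added example, not Triage's signatures or Formbook's code. Assumptions not
taken from the report: events are Sysmon-style dicts (event 1 = process
create, event 11 = file create) with Windows paths; the "VBS compiler" of the
signature is read as vbc.exe, the .NET Visual Basic command-line compiler,
which Formbook samples are widely reported to hollow out. SetThreadContext
itself is an API-level observation from the sandbox and is not visible in
process-creation or file-creation events, so it is not modelled here.
"""
from __future__ import annotations
import ntpath

# Path fragments a non-admin user can normally write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")
# Parents that legitimately invoke vbc.exe (build tools, ASP.NET compilation).
BUILD_HOSTS = frozenset({"msbuild.exe", "devenv.exe", "aspnet_compiler.exe", "w3wp.exe"})
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


def _base(path: str) -> str:
    return ntpath.basename(path).lower()


def _user_writable(path: str) -> bool:
    return any(frag in path.lower() for frag in USER_WRITABLE)


def rule_vbc_host(ev: dict) -> str | None:
    """Process create: vbc.exe started by something that is not a build tool.

    A process-hollowing host is spawned by the dropper itself, usually from a
    user-writable directory, so the parent image is the interesting field.
    """
    if ev.get("event") != 1 or _base(ev.get("image", "")) != "vbc.exe":
        return None
    parent = ev.get("parent_image", "")
    if _base(parent) in BUILD_HOSTS:
        return None
    severity = "high" if _user_writable(parent) else "medium"
    return f"{severity}: vbc.exe spawned by {parent}"


def rule_startup_drop(ev: dict) -> str | None:
    """File create: a process from a user-writable path writes into a Startup folder."""
    if ev.get("event") != 11:
        return None
    target = ev.get("target_filename", "")
    if STARTUP_MARKER in target.lower() and _user_writable(ev.get("image", "")):
        return f"high: {ev['image']} dropped {target}"
    return None


RULES = (rule_vbc_host, rule_startup_drop)


def hunt(events: list[dict]) -> list[tuple[int, str, str]]:
    """Return (pid, rule_name, detail) for every event a rule fires on."""
    hits = []
    for ev in events:
        for rule in RULES:
            detail = rule(ev)
            if detail:
                hits.append((ev["pid"], rule.__name__, detail))
    return hits


# Constructed sample telemetry, not from the sandbox run.
SAMPLE_EVENTS = [
    {"event": 1, "pid": 4120, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Users\alice\AppData\Local\Temp\inv0ice.exe"},
    {"event": 1, "pid": 4130, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Program Files\dotnet\MSBuild.exe"},
    {"event": 11, "pid": 4100, "image": r"C:\Users\alice\AppData\Local\Temp\inv0ice.exe",
     "target_filename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs"},
    {"event": 11, "pid": 1200, "image": r"C:\Windows\explorer.exe",
     "target_filename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notes.lnk"},
]

if __name__ == "__main__":
    for pid, rule, detail in hunt(SAMPLE_EVENTS):
        print(f"pid {pid} [{rule}] {detail}")
```

The parent allowlist is deliberately short: a build server will need its own entries, and the explorer.exe shortcut drop in the sample shows why the Startup rule keys on the writing process's path rather than on the folder alone.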

MITRE ATT&CK Enterprise v15

Tasks