Extracted

• • Target

    5c92714c7fc8fcd425c5e2ef0b4a217b_JaffaCakes118

  • Size

    19KB

  • MD5

    5c92714c7fc8fcd425c5e2ef0b4a217b

  • SHA1

    d86c2586952d0082ee0b9d8f62e88356f52a4faf

  • SHA256

    5567b917f6a654268f367ca76a663f87c1e9b44a997cdac64935cc4105014c08

  • SHA512

    eaa139da94753953fb2b5bc02b5a9eb34913c8eb1e13a5e4dc3f81822e9c4702048e581c1725a989ed2733b528ed2da125923084c414620841b8eebc802c9179

  • SSDEEP

    384:LBA6H714HOnS7B1scgfYdfeB68EDgf2h8:LBWHuS5gQEREUf2h8

  Score

  10^/10

  formbookndspersistenceratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Modifies WinLogon for persistence

    persistence

  • Formbook payload

    rat

  • Drops startup file

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2