General

  • Target: 6d7ada8915023eb188f47444a77d169d_JaffaCakes118
  • Size: 480KB
  • Sample: 240524-f8vlrsfb54
  • MD5: 6d7ada8915023eb188f47444a77d169d
  • SHA1: f87023a7c0de6b0ff4b0b2b799e58f41b938c332
  • SHA256: acb58cf1f819372ca5f461636f47ef790ec5d2748a5eaa3676104e46cdca1b19
  • SHA512: d37cf81df8f8dc64c5d5f0d68a2ad428b7d7d31658dd6980bc27db0d3dbc3ef44776012ea72feafc1c3348b0c9cd3599ce89168aa7edd992769dca26a98cc084
  • SSDEEP: 12288:TEqy7sSW7kNUhBiTL1wuG2YVkp455oaomdIbTbq:TE5wzAQUTO/2SkpWon

Malware Config

Extracted

  • Family: formbook
  • Version: 3.9
  • Campaign: ai

Decoy


Targets


    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 2

Discovery

  • Query Registry (T1012): 2
  • Peripheral Device Discovery (T1120): 2
  • System Information Discovery (T1082): 2

Tasks