Overview

overview

10

Static

static

3

PO.exe

windows7-x64

10

PO.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b1f0c9c22dee3464fa1c05f87ca9514_JaffaCakes118

  • Size

    279KB

  • Sample

    240729-he5kzsxcqr

  • MD5

    3b1f0c9c22dee3464fa1c05f87ca9514

  • SHA1

    3451062dd36cadfcb02288442baf82992623fd53

  • SHA256

    8dc9b60a65e6e42c39a6bd504d444285f44bca22d76e12df9231c8e3af86953e

  • SHA512

    3c3e0273d3860764deeeb8b3a34707c5d26a7b8e6e12755a1e9eafa08d93b781ada095ca1fec38d70186102a4e7814d47e58bc712c4c6bda165820d3560fddfd

  • SSDEEP

    6144:Vi8TtDS7AVNPC0PzS19Q2Yi/7c+oMfUaLYwVA+hPoiP58ojvNH3bgA:08Z27m60bS19Wt9MTYwV1hL8ojvNH3bT

Score
10/10
formbookdiscoveryratspywarestealertrojan

Malware Config

Targets

    • Target

      PO.exe

    • Size

      1.2MB

    • MD5

      de7244c0976c2d750401450f968bf196

    • SHA1

      6b1a942d8e7123bec72530f8c64375ee0ebb87ac

    • SHA256

      ae17224ca8bfa4c88d7dd85eb93072928f34d312f325c4dfd5785dd07bd168a9

    • SHA512

      9293b11d4aa52ab5363b84cefda439f0d04fd33029515ad97d200c5a86821365bef26174ea6d635d8c44b2a77ac77c219d834fb924eba3ab657a2e293bf4936d

    • SSDEEP

      6144:1nk9doWTBdU5K2Te2+Pu5pL8MLwjHOJoj8BpLeucyv83XVB8wy4xX8:ZAdU5KqeEzBwjHOCAXca83T8L4K

    Score
    10/10
    formbookdiscoveryratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks