Overview

overview

10

Static

static

3

5fb858bd0b...18.exe

windows7-x64

10

5fb858bd0b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5fb858bd0b9ae4b00c06bc682c13724f_JaffaCakes118

  • Size

    450KB

  • Sample

    240729-zryrmsvblh

  • MD5

    5fb858bd0b9ae4b00c06bc682c13724f

  • SHA1

    edf546f3810b24cfd346db9cbd718ced4d072cbd

  • SHA256

    95e23366f484caa8a1e1f285a2b01ecd9f21248e08aef6874ed40a77d191d0d6

  • SHA512

    7877203aac01faf2efef77bb4906f1dce2d7f76a5e84af69be430a6fabdf96ddbc21dd375d9667128c3adfb70c79e00ca73252c004ae99e36e33e75bcfda6493

  • SSDEEP

    12288:TizagXyOfNF31SbWnrdoGRIZE43l5xDlcrrlu7aWiwZD1:TFZH3l7yrxueWiwL

Score
10/10
formbookdiscoveryevasionratspywarestealertrojan

Malware Config

Targets

    • Target

      5fb858bd0b9ae4b00c06bc682c13724f_JaffaCakes118

    • Size

      450KB

    • MD5

      5fb858bd0b9ae4b00c06bc682c13724f

    • SHA1

      edf546f3810b24cfd346db9cbd718ced4d072cbd

    • SHA256

      95e23366f484caa8a1e1f285a2b01ecd9f21248e08aef6874ed40a77d191d0d6

    • SHA512

      7877203aac01faf2efef77bb4906f1dce2d7f76a5e84af69be430a6fabdf96ddbc21dd375d9667128c3adfb70c79e00ca73252c004ae99e36e33e75bcfda6493

    • SSDEEP

      12288:TizagXyOfNF31SbWnrdoGRIZE43l5xDlcrrlu7aWiwZD1:TFZH3l7yrxueWiwL

    Score
    10/10
    formbookdiscoveryevasionratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Formbook payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks