Overview

overview

10

Static

static

3

c45a5095dc...18.exe

windows7-x64

10

c45a5095dc...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    27-08-2024 04:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c45a5095dcd3afa44b6636a875a5adcb_JaffaCakes118.exe

  • Size

    300KB

  • MD5

    c45a5095dcd3afa44b6636a875a5adcb

  • SHA1

    e405f17bfe4ea6d9851c629959bad19eabe803fb

  • SHA256

    681af20c60faa54a6ce5adc472b7f875d3454929c21963b11a9ab5677edd4a05

  • SHA512

    acc628710d6baeb80fc9e9416240282cda8cd5c74c9113e2d9034f85ed4008e68842e598178d9bf6049207b701038fa8a5d1f7da89ff4e495fe91804ca870935

  • SSDEEP

    6144:NRKJLSpY9xkS1pTKve5EtpJn+OO8j9fq:NRu+pY9d1p+vKQgJr

Score
10/10
formbookqufratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

quf

Decoy

abecla.com

beautiful-journey-nz.com

littlesnj.com

bubfive.com

shoppecancreek.com

campey.store

tacokingsfl.com

tutorialme.com

azbku.com

everis-kids.com

annekatran.com

crownstarhomes.com

angiehsuflow.com

caracasdev.net

itselectricboat.com

tuidrimer.net

motherofreaders.com

tallahasseekidstriathlons.com

buhhoh.com

cudahy68.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook payload 3 IoCs
    rat

Processes

  • C:\Users\Admin\AppData\Local\Temp\c45a5095dcd3afa44b6636a875a5adcb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c45a5095dcd3afa44b6636a875a5adcb_JaffaCakes118.exe"
    1⤵
      PID:2616

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2616-2-0x0000000000250000-0x0000000000350000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2616-3-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2616-1-0x0000000000400000-0x0000000004DC7000-memory.dmp

      Filesize

      73.8MB

      Download

    • memory/2616-4-0x0000000000400000-0x0000000004DC7000-memory.dmp

      Filesize

      73.8MB

      Download