Extracted

• • Target

    d34101f0d1a192f78c01dc6d21a06741_JaffaCakes118

  • Size

    452KB

  • MD5

    d34101f0d1a192f78c01dc6d21a06741

  • SHA1

    ee7f5e95ebca427b8b5baf712e7870a872d3f43f

  • SHA256

    391f96154aa7c7d4f4616e3746a3a533652f64419f711c8510c99e01ffa78c61

  • SHA512

    c1bc0241c2bb5ec15442d0cbf63033efe24bd4bd09375c91c76404d59a0f21d3130cbaa57716d409e56d6dcbd6f28e9f5f246c469717f9db74bc73939b05bba8

  • SSDEEP

    12288:mXpZ6txMYlJyR2/5KTB6ye9cOE0jsSbVAD8Ufl4b:4Gx8M/ZyCEUAD8Uflc

  Score

  10^/10

  formbookcx0discoveryevasionratspywarestealertrojan

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Formbook payload

    rat

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2