General

  • Target

    JaffaCakes118_ab97265f431377cd69aff7aed2c43778360f2d58bad6e0b86c007ad25727bf85

  • Size

    270KB

  • Sample

    241222-gr7ensxkan

  • MD5

    6a3d9b5f0805764733e6fffc1557a69e

  • SHA1

    ccb5607aab2e81539dd36ebe208d120c14878ba7

  • SHA256

    ab97265f431377cd69aff7aed2c43778360f2d58bad6e0b86c007ad25727bf85

  • SHA512

    1df1f58f259d72d09636a6367cadc56483034600b160b71da152ee162b96a1166faba2eea4b8259b09625aa244f8ecd9d3bab5fb8e6273b9da438d1968daf7de

  • SSDEEP

    6144:tjlnEMXKkzWEwM3i6YCrKpnTCNAEVBUU5H4yjb3:tjxEMXxWZM3iRC+pnTCdBN5Bb3

Malware Config

Extracted

Family

formbook

Campaign

u6hu

Decoy

OvIuZKrtOMxghbaZbvb/8h9g+Q==

mjHLVEVO8gwVeZ+7

Lh1lcZzH8pTXgpdDzV0vzyVooAsviHQ=

OzJXhMQYaQKNT1aBY/gM8h9g+Q==

WSJFbX28mK+jXVvRJofdtSc=

mEv6JdT2o7Nq++XYt8MFpx5QrhRdhA==

Wxf/NnjMRlBj6JK3jg==

nB21Q0tg7gEVeZ+7

IZinOswGUPAn51eHvCAoMetC

INxV9PYg7AQP0xyDAyg=

kkZP+Iq1AgMVeZ+7

meuru6sSaxxuoLS7gA==

y0jMTFyffedqCSRXVfm/

sJbTfRVKuQScxw==

+ecHP3ayIjYFnb7j2Pt6z5dK

uZnHRwRE9QwVeZ+7

ZBg6Sy054P4oHp0DknCx

nFXn8j4yTuJ9aOfNlw==

35ygHt8uASpReRyDAyg=

8nT3T+8eWeh6aOfNlw==
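The 20 "Decoy" strings above are base64-encoded ciphertext; the report does not give the key, so they cannot be decrypted from the page. Ciphertext alone still leaks structure, though. The following script, an added example rather than part of the report or of any Formbook tooling, decodes the list exactly as printed, groups entries by decoded length and reports ciphertext tails shared between entries of the same length. The interpretation it rests on is an assumption, not something the report states: if each entry is encrypted separately with a stream cipher under one key (public Formbook analyses describe RC4 for its strings), the keystream at equal offsets cancels, so two equal-length entries ending in the same plaintext bytes (a common TLD, say) end in the same ciphertext bytes.

```python
"""Shared-suffix check on the Formbook decoy list (added example).

Assumption (not stated by the report): each entry is encrypted on its own
with a stream cipher under the same key, so equal-length entries with the
same trailing plaintext show the same trailing ciphertext.
"""
import base64
from itertools import combinations

# The decoy list copied verbatim, in order, from the report's Malware Config.
DECOYS = [
    "OvIuZKrtOMxghbaZbvb/8h9g+Q==",
    "mjHLVEVO8gwVeZ+7",
    "Lh1lcZzH8pTXgpdDzV0vzyVooAsviHQ=",
    "OzJXhMQYaQKNT1aBY/gM8h9g+Q==",
    "WSJFbX28mK+jXVvRJofdtSc=",
    "mEv6JdT2o7Nq++XYt8MFpx5QrhRdhA==",
    "Wxf/NnjMRlBj6JK3jg==",
    "nB21Q0tg7gEVeZ+7",
    "IZinOswGUPAn51eHvCAoMetC",
    "INxV9PYg7AQP0xyDAyg=",
    "kkZP+Iq1AgMVeZ+7",
    "meuru6sSaxxuoLS7gA==",
    "y0jMTFyffedqCSRXVfm/",
    "sJbTfRVKuQScxw==",
    "+ecHP3ayIjYFnb7j2Pt6z5dK",
    "uZnHRwRE9QwVeZ+7",
    "ZBg6Sy054P4oHp0DknCx",
    "nFXn8j4yTuJ9aOfNlw==",
    "35ygHt8uASpReRyDAyg=",
    "8nT3T+8eWeh6aOfNlw==",
]


def decode_all(entries):
    """Strict base64 decode of every entry; a bad character raises."""
    return [base64.b64decode(e, validate=True) for e in entries]


def common_suffix_len(a, b):
    """Number of trailing bytes on which the two byte strings agree."""
    n = 0
    while n < min(len(a), len(b)) and a[-1 - n] == b[-1 - n]:
        n += 1
    return n


def shared_tails(entries, min_len=2):
    """Map decoded length -> [(i, j, shared_tail_bytes), ...] for every pair
    of equal-length entries whose ciphertexts share >= min_len trailing bytes.
    Indices are positions in `entries`."""
    blobs = decode_all(entries)
    by_len = {}
    for idx, blob in enumerate(blobs):
        by_len.setdefault(len(blob), []).append(idx)
    result = {}
    for length, idxs in sorted(by_len.items()):
        for i, j in combinations(idxs, 2):
            n = common_suffix_len(blobs[i], blobs[j])
            if n >= min_len:
                result.setdefault(length, []).append((i, j, blobs[i][-n:]))
    return result


def xor_tail(entries, i, j, n):
    """XOR of the last n ciphertext bytes of entries i and j. Under the
    same-keystream assumption this is the XOR of the two plaintext tails,
    so all-zero means the plaintexts end identically."""
    a, b = base64.b64decode(entries[i]), base64.b64decode(entries[j])
    return bytes(x ^ y for x, y in zip(a[-n:], b[-n:]))


if __name__ == "__main__":
    for length, pairs in shared_tails(DECOYS).items():
        for i, j, tail in pairs:
            print(f"len={length:2d} entries {i:2d},{j:2d} share "
                  f"{len(tail)} trailing bytes: {tail.hex()}")
```

Run as-is it reports that the two 19-byte entries, the four 12-byte entries, two of the four 13-byte entries and the two 14-byte entries each share a four-byte (in one case five-byte) ciphertext tail, while no entries of differing length do. Equal-length tails of exactly four bytes are what a shared four-character suffix under per-entry stream encryption would produce; the script does not recover the plaintext, and the pattern alone does not prove the cipher, so treat the result as a lead for analysis of the unpacked sample, not as a decryption.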

Targets

    • Target

      e29feb7fcc81e09ebf6a86b0d620c54e1a134ab98cbd9c13323bf5a6ae7e9088

    • Size

      282KB

    • MD5

      a8566feb30efadda298aa9aa48ed6231

    • SHA1

      3500451818de70121de56672eae034a73674ac55

    • SHA256

      e29feb7fcc81e09ebf6a86b0d620c54e1a134ab98cbd9c13323bf5a6ae7e9088

    • SHA512

      c8ce0767ec6e6c6bbb23169ea5a0981e3dd49b794d09065d84bcc200f27a5543d39b20991955cddb351350f93d75fdfef871f2c6bcacca00abe57cea06122397

    • SSDEEP

      6144:MEa0NZojwkXWEwM3e6YMrKpnTCNATU5H4yjyY:XZ+nWZM3eRM+pnTCn5ByY

    • Formbook

      Formbook is an information stealer: it harvests credentials and form data from browsers and e-mail clients, logs keystrokes and clipboard contents, takes screenshots, and exfiltrates the data to its C2, which can also task it to download and run further payloads.

    • Formbook family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      nqyjqo.exe

    • Size

      100KB

    • MD5

      3d5e9bfede23e9c1b446fc3f9274d764

    • SHA1

      0844992797324021269266770a5c77d31f4ae95f

    • SHA256

      77a8bd4f7e493bf79ecc66caeabfa0e769c8a236cf67c61c94d5f8c58cc69d3e

    • SHA512

      6c8f750bbb4d35c055390d72c3b8232e646390155532517640fa479ee0b2d1891997ff18d26c01a1d66c9d751d3f6215387f1df12d73f0249acdc7827647cb52

    • SSDEEP

      3072:qiOJNQvDOGx9jVgAdE9UsbbrkQFqhDJ255C5M4Q:sYDJXgTUmzq+

    • Formbook

      Formbook is an information stealer: it harvests credentials and form data from browsers and e-mail clients, logs keystrokes and clipboard contents, takes screenshots, and exfiltrates the data to its C2, which can also task it to download and run further payloads.

    • Formbook family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Suspicious use of SetThreadContext
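Both targets carry the same two behavioural signatures: the registry country-code lookup and the use of SetThreadContext. The script below, an added example and not the sandbox's own detection logic, shows how a practitioner would express those two checks over an API trace. The trace lines are constructed for illustration, not taken from the report. Two assumptions are made: that the location check reads the GeoID stored under HKCU\Control Panel\International\Geo\Nation (the value Windows keeps for the user's country; the report does not name the key), and that SetThreadContext is used in the classic hollowing sequence CreateProcess with CREATE_SUSPENDED, WriteProcessMemory (or NtMapViewOfSection), SetThreadContext, ResumeThread against one child process; the report only says SetThreadContext was used suspiciously.

```python
"""Detection of the two flagged behaviours over an API trace (added example).

Trace format is constructed for this example: one event per line,
'pid;api;key=value;key=value'. Assumed: the geofence reads
HKCU\\Control Panel\\International\\Geo\\Nation, and hollowing follows
CreateProcess(CREATE_SUSPENDED) -> write/map -> SetThreadContext -> ResumeThread.
"""

CREATE_SUSPENDED = 0x00000004
GEO_KEY = "control panel\\international\\geo"   # assumed registry path
# Each stage accepts the Win32 call or its native equivalent.
HOLLOW_STAGES = (
    {"WriteProcessMemory", "NtMapViewOfSection"},
    {"SetThreadContext", "NtSetContextThread"},
    {"ResumeThread", "NtResumeThread"},
)

# Constructed trace: pid 1204 performs both behaviours; pid 3310 is benign
# (no CREATE_SUSPENDED, a different International subkey).
TRACE = """\
1204;RegOpenKeyExW;key=HKCU\\Control Panel\\International\\Geo
1204;RegQueryValueExW;key=HKCU\\Control Panel\\International\\Geo;value=Nation
1204;CreateProcessW;image=C:\\Windows\\SysWOW64\\svchost.exe;flags=0x4;child=2012
1204;WriteProcessMemory;target=2012;size=0x1a000
1204;SetThreadContext;target=2012
1204;ResumeThread;target=2012
3310;CreateProcessW;image=C:\\Windows\\System32\\notepad.exe;flags=0x0;child=3400
3310;ResumeThread;target=3400
3310;RegQueryValueExW;key=HKCU\\Control Panel\\International\\User Profile;value=Languages
"""


def parse_trace(text):
    """Parse 'pid;api;k=v;...' lines into dicts with int pid and str fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, *fields = line.split(";")
        args = dict(f.split("=", 1) for f in fields)
        events.append({"pid": int(pid), "api": api, **args})
    return events


def find_geofence_checks(events):
    """Pids that query the 'Nation' value under the Geo key."""
    hits = []
    for e in events:
        if (e["api"].startswith("RegQueryValueEx")
                and GEO_KEY in e.get("key", "").lower()
                and e.get("value", "").lower() == "nation"
                and e["pid"] not in hits):
            hits.append(e["pid"])
    return hits


def find_process_hollowing(events):
    """(parent, child) pairs where the parent creates the child suspended and
    then, in order, writes to it, replaces a thread context and resumes it.
    Unrelated calls in between are ignored; out-of-order calls do not count."""
    stage = {}      # (parent, child) -> index of the next expected stage
    hits = []
    for e in events:
        api = e["api"]
        if api.startswith("CreateProcess") and "child" in e:
            if int(e.get("flags", "0"), 16) & CREATE_SUSPENDED:
                stage[(e["pid"], int(e["child"]))] = 0
            continue
        if "target" not in e:
            continue
        key = (e["pid"], int(e["target"]))
        if key in stage and stage[key] < len(HOLLOW_STAGES) \
                and api in HOLLOW_STAGES[stage[key]]:
            stage[key] += 1
            if stage[key] == len(HOLLOW_STAGES):
                hits.append(key)
    return hits


def analyze(text):
    """Run both detections over a trace and return the findings."""
    events = parse_trace(text)
    return {"geofence": find_geofence_checks(events),
            "hollowing": find_process_hollowing(events)}


if __name__ == "__main__":
    print(analyze(TRACE))
```

The hollowing detector keys on the parent/child pair rather than on SetThreadContext alone, because debuggers and some installers call SetThreadContext legitimately; it is the suspended creation followed by a write and a context change on the same child that makes the sequence suspicious. Extending the Geo check to other sandbox-visible location sources (GetUserGeoID, the Locale value) is a matter of adding patterns to the same loop.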

MITRE ATT&CK Enterprise v15

Tasks