General

  • Target

    JaffaCakes118_e764f6e7bdb61df66914dcf9787d1bd6b738f1bd1f13320d57f44362c2ef676e

  • Size

    226KB

  • Sample

    241223-1zty4atjak

  • MD5

    d6eec08581f01bd2e36c0964761cb4ab

  • SHA1

    161c0c386e8cb2039f312647b1f5d4c4c11da2a3

  • SHA256

    e764f6e7bdb61df66914dcf9787d1bd6b738f1bd1f13320d57f44362c2ef676e

  • SHA512

    752006901fd34aa16244a23ce9c8b9061ea0af53a4739dfdf2f7f33923f13602e1aef61e4ab957b17fb7d8b9af86dac52f6ce9962beedba8f8a8205d363b9f12

  • SSDEEP

    6144:kzEhCkPtI4Mrv84mAlTG/5DNGtrmlalOj1lDw9+AggSzgnRmq0:kAh/Pt7tQlTIBUtrQOOZZ2+PgRH0

Malware Config

Extracted

  • Family

    formbook

  • Campaign

    8h9m

  • Decoy


Targets

    • Target

      PO 20002001.exe

    • Size

      297KB

    • MD5

      0ea5a94cd963591f731b5f460371e159

    • SHA1

      1b3528c85a3a965106e2d81361d103c0833bf126

    • SHA256

      ff4cff76876cda952a48855396ca07f5fb5216a5df0efd10c9701c135552703c

    • SHA512

      577548cdbd08cc58bba5f08bdf25312d55395b9105334adbfbed3a5cf4d0e549ee4e0c9f0eb07e4f25c8246733f6d352e6c3af811669948905e0cc3d4f9e7aa4

    • SSDEEP

      6144:dNeZ6Ej0A8ksOkFgZNK3ZPVQ8xqP2vYniHUPKI66gc:dNkjZsOkSZNKJPeJ3nS+

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      bwfjco.exe

    • Size

      6KB

    • MD5

      9c52ec38c352cd19ae28913fe206a5b3

    • SHA1

      a79300b49a4f1cce8db98515f79759a51bae664b

    • SHA256

      5cb816f8eec3869aba2eec928f0a2c212b55658ae4d0f58ccfe5dbee87ba47de

    • SHA512

      efa5c0060a217a2a8d5a811d0895dfe52ec4cc7213218d7abd09f1a3a621b828015df4c7adcd26ca71f776610ad9a46a710114297a5a76411cd22850675e0a1b

    • SSDEEP

      48:aPUCS0YbdorCpU3PXXPuh5Ptv+qCpUh0MovqHwI4IkPzI/iavc7odlM7BXWjiRuz:RJbdo9P4RoM2VfcK7BHx

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks