General

  • Target

    JaffaCakes118_8fa0440884a90d217c683a8a50207068022db140a171049957afbe463d090fd4

  • Size

    743KB

  • Sample

    241225-ark34s1rgs

  • MD5

    4f8ea63904434cab99bd3854054fa07c

  • SHA1

    6ef972551989a84b7c3a69d371b9a3405c828700

  • SHA256

    8fa0440884a90d217c683a8a50207068022db140a171049957afbe463d090fd4

  • SHA512

    ed4fd1bdac024714bdc02d06a02351a3d6c3bcf6cf31929f7e91e8afaad470a4965aa6a6d7573945215a6de4258b8f9dbd7dbcbb2f75cd75dac1af3ddb5353f3

  • SSDEEP

    12288:uXdxJpf2HgT1BRurPowSU0C/UVhWLgB0xD/fD6UpEVzML/Hqpl9vSMxXkcMSSJDZ:uXPJVUg7ReAwzjUhBufDRoMLPeW6UpDZ

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u31y

Decoy


Targets

    • Target

      38f284c6ac68831d066f9325b4f8508145ef62146b4c257e3c0a10fdf2305b0a

    • Size

      3.7MB

    • MD5

      fd00d713c843371c82be116049b5a6d9

    • SHA1

      e46e115e003d6088655a5c364d6d03551cb0e41b

    • SHA256

      38f284c6ac68831d066f9325b4f8508145ef62146b4c257e3c0a10fdf2305b0a

    • SHA512

      3f5c7ff62a3f3e7d03c7dd69a3195a93ad0490864ffa10af155085755a1de89f9b27a92e67c84594923b87348b5f192714f33467abbd072ee9a9050b2442c07f

    • SSDEEP

      24576:/gzlt/Kh+sR8/P5fe4VOGLCaIMArRmXCYtXI9yrti7FnVP33hzkZsN:z

    • Formbook

      Formbook is a data-stealing (information-stealer) malware family.

    • Formbook family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
