formbook | 29b963d2967085d6fac0e7048834ce02f677845639445b6af519649680e9fac4

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_29b963d2967085d6fac0e7048834ce02f677845639445b6af519649680e9fac4
Size

1.8MB
Sample

241226-ww3plstrcr
MD5

b2787bcd83da6bc771a170f66cbc2d36
SHA1

e708226410bb8931834eb6374cf936bb8df30671
SHA256

29b963d2967085d6fac0e7048834ce02f677845639445b6af519649680e9fac4
SHA512

74bdca3676deab73f93420cad81ff3579a450ed5e22b24f32c92fa9e4858b2e0c63f1c121e7d05784e857258de43154bba890a069d133fb57748cf4df75759f2
SSDEEP

49152:KknF7PrhOFOPSsD3C82Ivkbn4PZ/ZRwS7D:KKrh5PSICMe6pw8D

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nyk

Decoy

thenursingstudysystem.com

michaelxp.store

villas-townhouses.com

xwhzpx.com

bk-equip.com

wunschpresent.com

bodyointment.com

k12schoolreports.com

thelittlereaders.online

studiowala.com

glassprotocol.com

operationhitched.com

allafricadeals.com

chollotiza.com

sustainablesmartphones.com

variationsinvarnish.com

juqms.info

babymasajsalonu.com

theresekhachik.com

wehuq.com

Targets

- Target
  
  270e9ba7fa51858ba35182e14d0b91c4.exe
- Size
  
  377KB
- MD5
  
  270e9ba7fa51858ba35182e14d0b91c4
- SHA1
  
  5d4778d1af67893d6cf922863c43e9019572d793
- SHA256
  
  82f9b9947a9ecb8520eb5ac731918ea2c1b1d9e3b00a1189aff9b1441fa2b72b
- SHA512
  
  1c6de95c617d1097b52a8ac904718342605489a9dbffec5857eb0f4a060655e0b1b97d510704da4b5b356811fcb57f77297c56e88cd7b2ed27ae725b5d4c1391
- SSDEEP
  
  6144:4of7DeNUSfGgHCU/2McdfoI/ZX0rYfCzuCCMQZN/OdnFQ8+uXNvxsCtrEKykd:jYV6MorX7qzuC3QHO9FQgd5sCtKk
Score

5^/10

discovery execution upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  341029725926d6ce55334f5a51dc1358.exe
- Size
  
  181KB
- MD5
  
  341029725926d6ce55334f5a51dc1358
- SHA1
  
  8f1663c10307c4ad9b6d43c748abc1c27cea2da8
- SHA256
  
  76e2040321ed7cc5ff6ced0a91b8e8546b7f9a4eab5802beb8ce137b0da48244
- SHA512
  
  6386ea5cefda66ab1bd11ae7527bdce3d5d0b6806f398583164af67a4c22ef2ebcea69f5dc9d42d6ba5c6675b56a1a82c1eca99d597992fc6de65a6c5572671b
- SSDEEP
  
  3072:LEinlOfZPvHa2FSK6vFmG6agepBvxdiNH7FO9pSg/wjzF5XXr1:rqZKMSBv83a7ppXiFFO98g/Ez
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  6f09c7f423232ef509f90e66b1146a50.exe
- Size
  
  377KB
- MD5
  
  6f09c7f423232ef509f90e66b1146a50
- SHA1
  
  bea14870eb44669c73ba5fe75c6ec2657654daeb
- SHA256
  
  fbad6defdda31579e98bbb4f27193891ad8b5d13e32a75dcc4d2666f2c3a5843
- SHA512
  
  f16479c779a659f2f3729ec6e37058843cc50629b2fe8696d86141dc48d3d035b8d1fc6dcda330cc6bd7d1daeeca9ecb6854459402227484e361b8b0cf31b159
- SSDEEP
  
  6144:Lof7DeNUSfGgHCU/2McdfoI/ZX0rYfCzuCCMQZN/OdnFQ8+uXNvxsCtrEKRKY:GYV6MorX7qzuC3QHO9FQgd5sCtpH
Score

5^/10

discovery execution upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  866e097ff53dbfefe7b3289abda15939.exe
- Size
  
  377KB
- MD5
  
  866e097ff53dbfefe7b3289abda15939
- SHA1
  
  47b511fcb38f29116908b24ae4f021bcb5217402
- SHA256
  
  cda533fbcdc33bfc7242c90e8e0a72dd1448e78d4c40e7d9ae5bcd183f94ae7b
- SHA512
  
  d90f16ab01137965e23a85c9e9af6c69e99090e17f1382aa302de72ad3cd0d6e9bd5d596fb6ce1837cc0db1c1f0213473ee430cbe313fee004fd8365ffd4dba5
- SSDEEP
  
  6144:aof7DeNUSfGgHCU/2McdfoI/ZX0rYfCzuCCMQZN/OdnFQ8+uXNvxsCtrEK7VB:JYV6MorX7qzuC3QHO9FQgd5sCtjr
Score

5^/10

discovery execution upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8
- Target
  
  9419d53b0db3f157a6011c8657ba118d.exe
- Size
  
  377KB
- MD5
  
  9419d53b0db3f157a6011c8657ba118d
- SHA1
  
  2d7abfbff3dd2c12772268f3977676e25d727065
- SHA256
  
  73b3b6f6389ea1919ab56c61cfb13a0f5e0778bf49dbda7a42652c42cbc71ab2
- SHA512
  
  16f7f6e5984726b8edbf494128ed2583b431c5eef476f7f03087d83e60c39b19756347730318640e0ce097ec9b2b206bab33ad59fdb4cf18ef01c572d6028868
- SSDEEP
  
  6144:iof7DeNUSfGgHCU/2McdfoI/ZX0rYfCzuCCMQZN/OdnFQ8+uXNvxsCtrEK/WE:BYV6MorX7qzuC3QHO9FQgd5sCtH3
Score

5^/10

discovery execution upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9
- Target
  
  fa9d1e3fd2983aca146b2a04ddf6e351.exe
- Size
  
  377KB
- MD5
  
  fa9d1e3fd2983aca146b2a04ddf6e351
- SHA1
  
  cbc7dac0c145927e1b1e8c923e17150ec9ad006c
- SHA256
  
  f27c7f9093a377e3c96f108e7b434d6a5b89e52036b86633ea1334dd8f67dfbb
- SHA512
  
  fc38c7f1028bbee3eebc883e242366e852a852f459df57e65d48cac38ab6834f9e676160925dc3f30b6b667427ed22b02c0424d193929e3c448d49dbd40a5973
- SSDEEP
  
  6144:Lof7DeNUSfGgHCU/2McdfoI/ZX0rYfCzuCCMQZN/OdnFQ8+uXNvxsCtrEKBhn:GYV6MorX7qzuC3QHO9FQgd5sCtJx
Score

5^/10

discovery execution upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

AutoIT Executable

Drops file in System32 directory

UPX packed file

AutoIT Executable

Drops file in System32 directory

UPX packed file

AutoIT Executable

Drops file in System32 directory

UPX packed file

AutoIT Executable

Drops file in System32 directory

UPX packed file

AutoIT Executable

Drops file in System32 directory

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12