formbook

General

Target

JaffaCakes118_701893f05fb7f11f4f0bbbc6b7f4c540e4c8d5e5d5cd98d42db973fb89eaed0a
Size

2.1MB
Sample

241226-x98nfswmgy
MD5

4702a1f882fe8a673d76ebd14b1822ab
SHA1

44f28a56afd251d62676665469b8da86d0b94694
SHA256

701893f05fb7f11f4f0bbbc6b7f4c540e4c8d5e5d5cd98d42db973fb89eaed0a
SHA512

bf22cfc8b8f8643cb591e6c2ada0134265f01b0eb880fc4f80ff69a98269da571aed46e9e71bbfdeeb438b5bee647bb820583bca964fb92378cbe489295cd9ce
SSDEEP

49152:h2YfqQHRPrfGKAI8OPRrjK6ZFy1A/fYwRoBzER:smHTfGzSPxO6Ztf1gzER

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gz92

Decoy

ayurvedichealthformulas.com

plazaconstrutora.com

nat-hetong.info

eapdigital.com

ibluebaytvwdshop.com

committable.com

escapesbyek.com

mywebdesigner.pro

jianianhong.com

benvenutoqui.com

beiyet.com

theartofgifs.com

mbwvyksnk.icu

nshahwelfare.com

hhhservice.com

thechaibali.com

travelscreen.expert

best123-movies.com

leiahin.com

runplay11.com

Targets

- Target
  
  538375308232021.bat
- Size
  
  853KB
- MD5
  
  dc09fa8c42e8c65946e8eb777a5be3e8
- SHA1
  
  53bc5551ad267c44dffa4ba27a7c64045845d05d
- SHA256
  
  93c2cb3a004ba55c70aa8b1cb9d4444b2294fb9fc5ae479a3abf3c2743c8c532
- SHA512
  
  5ff0fd59408efcfdba56ade588ba9f3515b5b34d9644bafab4d5d1c71354fd1a71cd6f5ec8e2f607381350eb27da60bddbb2ece09acabc9790e5b1d77d3e5f14
- SSDEEP
  
  12288:BX33Ez9LvzcTrtWTxwjntMws+dN9Op1LCEDFgAbvjmyV/:BX3yL4ZW+js+D9Gh5ZrOyV/
Score

10^/10

formbook gz92 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Container ETAbest offer 8796___pdf.exe
- Size
  
  1.0MB
- MD5
  
  0d6cb0ad6a243cbaa6e0baf76a29d796
- SHA1
  
  3001f4a8107eba4f6b3c7b2fc43f31d3eb2dc152
- SHA256
  
  f0236b0ba3d99fac225741bd2751ee4517e1f2159d19248ff0800b8304d48421
- SHA512
  
  39a30f8e6db3037fb95a823b541b84cc84aa1481b6e26b0570827ae00e6a620eb61e25233ab3a12471a8bebc8e073d8dd31ca0a3621d59f029b05b9768a32caf
- SSDEEP
  
  12288:7Ze0H4rdL+9QltfcXCh3PdXUouNRZd+MO+QWYw90kti0lGPefNxT:7o0Y5LWUDVXUouM+Kw90vi
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  微信图片_20181017153614.bat
- Size
  
  909KB
- MD5
  
  71da07376987682c8b30681324585e47
- SHA1
  
  a5193ef8359e57870e7dc9a3bc61c1c2be67af17
- SHA256
  
  9e03f772f926c5875d716ee78ba7e6477578a78f63880395b32565bcc09251f3
- SHA512
  
  89acadb9078884a8625e47734ba294751e9fc91cfeb10ac82c061b7239474cb363f0cc36e9d4469c846568c757b41f9927ff0fb2c051e223d8f01648a3caba55
- SSDEEP
  
  24576:tNoj3YXZ0Srdcfb2o60yLu5lQYPwpt8fpsNU76Zq/iar:Qj3EZ0idGVpSu5u9H8fi
Score

3^/10

discovery
behavioral5 behavioral6