Overview

overview

10

Static

static

3

6b5e67fc06...e3.zip

windows7-x64

1

6b5e67fc06...e3.zip

windows10-2004-x64

1

ORDEN DE C...dF.exe

windows7-x64

10

ORDEN DE C...dF.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_8a8a6874ee88c0750227c5e14eb9e32cee847ce303c1b9aa110b02eea8f43188

  • Size

    595KB

  • Sample

    241228-2tsphstqa1

  • MD5

    5b29ec0e2037c8ae32aec6468f5d7c86

  • SHA1

    651fb1bc0f059e94325f48ae56088db3dc081088

  • SHA256

    8a8a6874ee88c0750227c5e14eb9e32cee847ce303c1b9aa110b02eea8f43188

  • SHA512

    7c1cfbbadf3d583bd374bf48a8569c6fc1085dddd1df5df9fe059821cbe93b7d12461ae13c4beebe4d999f36b1a0f0621d30279a12fff6c2b937993482d0326a

  • SSDEEP

    12288:Rgo/6VtT6NwBJEG4u610auUzc6r6uqTMnfjuErPurE+W5Z2Bh/:io/ytWAJEG4uwxuUYruMOPurE+Wk/

Score
10/10
formbookde19discoveryexecutionratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de19

Decoy

predictivemedicine.life

coloringforthepeople.com

project154.com

usmmexchange.com

bootzxon.com

chaoge730.com

thenaci.com

moviestarplent.com

musicallyengaged.com

sneakerspark.net

yudist.com

apqrcx.xyz

traceless.tel

guardlanavionics.com

usadogrights.com

openei.club

aventusluxury.com

telewebin.com

godrej-threeparks.net

solbysol.com

Targets

    • Target

      6b5e67fc066baf47b9a4cf5d5ece9015982cd5d4f0b843caaf3435fca979e6e3

    • Size

      595KB

    • MD5

      ea8d0c3d4f4f43ed28958069ac29d11d

    • SHA1

      3ae6e5ea19e1a7ecdaf59a0ebc6f41185e7c3b14

    • SHA256

      6b5e67fc066baf47b9a4cf5d5ece9015982cd5d4f0b843caaf3435fca979e6e3

    • SHA512

      70fc1ab81280df77f32df069a8275712f3fc2cceebaab38a44febf08b40ced1cedb306eeef26532599f5c10a91077a3fa642f1fb493c7cdcca9fee59c8149e62

    • SSDEEP

      12288:8BgltZO+aM/e3cgp5CBqtjzPLJ6SdIN5CzCRJHk5NtLwyk:8YtY+YnCBqtj3J7+ozCT+2h

    Score
    1/10
    behavioral1behavioral2

    • Target

      ORDEN DE COMPRA .pdF.exe

    • Size

      913KB

    • MD5

      5f3bb9b37ca94a6d7ac4251b311f3411

    • SHA1

      125ebf52ebcee4dfcd2225a3ee79b4e91a835cb2

    • SHA256

      eb9a61f2196306679a282ab81f0f8a480a5c57aedeb20886d122fe044556eb87

    • SHA512

      37c22de1774db86d49c0fe86da7a4ae0496c20749b82870df433e8e3f7e4ecbc14e73bbc9ed2cf7d6ee33ed16a88453c1e23788b056087a5267c136541ca0ed6

    • SSDEEP

      12288:/RV/+MaZ03sgX5kZqDVfldxoSdWN5+H8HJzk5DtEJ2u:p9+UdkZqDVzxhMUH8pyb

    Score
    10/10
    formbookde19discoveryexecutionratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook family

      formbook

    • Formbook payload

      rat

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks