General
-
Target
189d2936b8f338f116356b2f6907f5ae_JaffaCakes118
-
Size
619KB
-
Sample
240329-e97gaaaf33
-
MD5
189d2936b8f338f116356b2f6907f5ae
-
SHA1
060ab96df94582fe9a083f75bb83be583e1b5b52
-
SHA256
cf0f382b2db49f0f95d4e1b805c1def24a7ab16e64bd8d6cbb324fef94a98953
-
SHA512
c823d27312fdc0556f24b986d5f94efe254a992e0f24a6c85ab8ccbc0ea04f02266b18c2a4d0857a997047d39a8b700951ae0de160ce9118ff11aec93ca8a368
-
SSDEEP
12288:4tQ8nL588A5NLCG+ZAwAWL6ZNBGVmrPHXkLb/zpGByWaDOEoQIVi:EQk8L5B+Z+O5VmTHupXWa0q
Malware Config
Extracted
formbook
4.1
ghgn
nongnongqingyi.com
memojav.net
nothingbutallgoods.com
qiubaogu.com
consumeru.net
whitesandretreat.com
protectingtherepublic.com
rkpnews.com
captaincobyscajunseasoning.com
happyfilings.com
mznqa.com
food-truth-app.com
16crystallake.com
theisanitize.com
livefeelinggood.com
skiniences.com
rethgi4.icu
bucky.cloud
massageexchange.club
drshesalipatel.com
Targets
-
-
Target
payment receipt.pdf.exe
-
Size
718KB
-
MD5
bf89abfa9b6ab9c4a57db5755c9cdfcd
-
SHA1
2d4a41455d99fbd04c7b57b2305e9d94b336f7e5
-
SHA256
577c82fedb4b5c3eb243952bb75cf48386cc4c04e969a13f15c3b1c27afccdcd
-
SHA512
f480f044a02eba1856abdda2e74ddc09722a9196ebf0d183384a2f8ddf074e1979c8001b75c114e8bd0bfda0291759c3062908c58ad9348df6d21944c0e0bbfd
-
SSDEEP
12288:lGxqRSVdMkuvMNptn0UF0QHUeHJzet10aqKgD3HtgeNA6aDCbuvqJFTPy:lGY4vaHQ0w+vqKgrNgeNjaDFvqm
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-