General

  • Target

    5e961605e1dc9daa1727cfbaee735729_JaffaCakes118

  • Size

    480KB

  • Sample

    240331-1bqlrscf7z

  • MD5

    5e961605e1dc9daa1727cfbaee735729

  • SHA1

    afd6f53fd86e63762e32f0d553107ef142ee180f

  • SHA256

    59408a1d8881c6a15304d6e718efb48cb9583011ecc24d60c580105df0e251ba

  • SHA512

    37b0ce5d38d6068996349dc122975b98f62b2cd07f9a34f16887df5e2dbbe99890dbce3fc25a8670b11bf18a85290482aef5d202e9da74edef55efe90248668e

  • SSDEEP

    12288:Uk70JAKZWsImwLuLP6zL6CH3BRCISBAa:v0A5BULSz13eFBA

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bs2l

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks