General

  • Target

    66a1150a08b12d5e77501efc3a061b36_JaffaCakes118

  • Size

    367KB

  • Sample

    240401-d5ysxach78

  • MD5

    66a1150a08b12d5e77501efc3a061b36

  • SHA1

    c2fa325c56f08992bc6e02d57bf509336f7756af

  • SHA256

    ebd6c7f687ce3b98dff2749708b79b0cb31a075ce07cc63c39c4aafd7081b505

  • SHA512

    a7dbe623680c43e404f69decfc082d479f8a81edd1a19fc2643c967893e5a69d90de502d17c334b97cab03b6c07ec028b5f9f6db464f96ce7cbdf552b9fcde02

  • SSDEEP

    6144:klpL4MmytElR9xjrfI1BBNnLFZIsTZZFndOgxWkW2e1/CTnLYyyV9SP05ffY:kAMylR9xjrfIFZdJncgxWko/CrynI

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

h0gd

Decoy

hispansud.com

sanslisin156.com

izmediajo.com

fukugyo-kuchicomi.net

zjzmkj.net

powerupinnovations.com

unigradecuracao.net

inspirasimagz.com

isaacnqwilliams.store

john316graphics.net

wcparadise.net

trejoblanco.com

100x100cultura.com

beedivinehomedecor.com

polant.xyz

ascrete.com

www23855.com

emmagx.com

rekotalent.biz

fersamultiservicios.com
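The extracted config above is the part of this report that is directly actionable: Formbook's config ships a list of domains in which the real C2 is mixed with legitimate decoy domains, and the sandbox labels the whole list "Decoy" without saying which is which. The script below is an added example (not sandbox output and not Formbook code) that turns the config values copied from this report into tagged hunt indicators and checks them against DNS query-log lines; the log lines are constructed here for illustration, as is the BIND-style line format the regex expects.

```python
"""Convert the extracted Formbook config into hunt indicators and scan a DNS
query log for them.  Added example for this report; config values are copied
from the report, the log lines and their format are constructed."""
import re
from typing import Iterable, List, Optional, Tuple

# Values copied from the "Malware Config" section of the report.
FAMILY = "formbook"
VERSION = "4.1"
CAMPAIGN = "h0gd"
DECOYS = [
    "hispansud.com", "sanslisin156.com", "izmediajo.com",
    "fukugyo-kuchicomi.net", "zjzmkj.net", "powerupinnovations.com",
    "unigradecuracao.net", "inspirasimagz.com", "isaacnqwilliams.store",
    "john316graphics.net", "wcparadise.net", "trejoblanco.com",
    "100x100cultura.com", "beedivinehomedecor.com", "polant.xyz",
    "ascrete.com", "www23855.com", "emmagx.com", "rekotalent.biz",
    "fersamultiservicios.com",
]


def normalize_domain(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' label.

    Only a full 'www.' label is stripped, so 'www23855.com' is left intact."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host


INDICATORS = frozenset(normalize_domain(d) for d in DECOYS)


def match_indicator(host: str) -> Optional[str]:
    """Return the config domain that `host` equals or is a subdomain of.

    Matching is label-wise, so 'notpolant.xyz' does not match 'polant.xyz'
    (a naive endswith() check would)."""
    labels = normalize_domain(host).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in INDICATORS:
            return candidate
    return None


# Constructed log format (BIND-style query log); adjust for your resolver.
QUERY_RE = re.compile(r"query: (?P<host>\S+) IN ")


def scan_query_log(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, queried_host, matched_indicator) for every hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = QUERY_RE.search(line)
        if not m:
            continue
        indicator = match_indicator(m.group("host"))
        if indicator:
            hits.append((n, m.group("host"), indicator))
    return hits


def ioc_records() -> List[dict]:
    """Export the config as tagged indicators for a hunt or TIP import.

    Every domain is tagged 'decoy-or-c2': the report does not identify the
    live C2 among the decoys, and most of these are legitimate sites, so a
    hit is a lead to pivot on (which host, what else did it do), not grounds
    for blocking the domain outright."""
    return [
        {"type": "domain", "value": d, "family": FAMILY, "version": VERSION,
         "campaign": CAMPAIGN, "tag": "decoy-or-c2"}
        for d in sorted(INDICATORS)
    ]


# Constructed sample log lines (not from the sandbox run).
SAMPLE_LOG = [
    "01-Apr-2024 10:02:11 client 10.0.0.15#51234: query: www.hispansud.com IN A +",
    "01-Apr-2024 10:02:13 client 10.0.0.15#51235: query: cdn.example.org IN A +",
    "01-Apr-2024 10:02:19 client 10.0.0.22#40001: query: polant.xyz IN A +",
    "01-Apr-2024 10:02:20 client 10.0.0.15#51240: query: notpolant.xyz IN A +",
    "01-Apr-2024 10:02:21 client 10.0.0.15#51241: update: zone example.org",
]

if __name__ == "__main__":
    for n, host, ind in scan_query_log(SAMPLE_LOG):
        print(f"line {n}: {host} -> {ind} ({FAMILY} {VERSION}, campaign {CAMPAIGN})")
```

Two hosts queried one of the config domains (lines 1 and 3); the third, `notpolant.xyz`, is correctly ignored. Because the real C2 cannot be told apart from the decoys from the config alone, follow a hit with the host's process and network activity from the same window rather than treating the domain itself as malicious.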

Targets

    • Target

      66a1150a08b12d5e77501efc3a061b36_JaffaCakes118

    • Size

      367KB

    • MD5

      66a1150a08b12d5e77501efc3a061b36

    • SHA1

      c2fa325c56f08992bc6e02d57bf509336f7756af

    • SHA256

      ebd6c7f687ce3b98dff2749708b79b0cb31a075ce07cc63c39c4aafd7081b505

    • SHA512

      a7dbe623680c43e404f69decfc082d479f8a81edd1a19fc2643c967893e5a69d90de502d17c334b97cab03b6c07ec028b5f9f6db464f96ce7cbdf552b9fcde02

    • SSDEEP

      6144:klpL4MmytElR9xjrfI1BBNnLFZIsTZZFndOgxWkW2e1/CTnLYyyV9SP05ffY:kAMylR9xjrfIFZdJncgxWko/CrynI

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and form data from browsers and other applications, logs keystrokes, takes screenshots, and can stage further payloads on the infected host.

    • Formbook payload

    • Suspicious use of SetThreadContext
