General

  • Target

    72f8696930aea206f91b39a551ffe093_JaffaCakes118

  • Size

    366KB

  • Sample

    240401-rbfxwsfe8w

  • MD5

    72f8696930aea206f91b39a551ffe093

  • SHA1

    a01cc8127d8afaaec98274d3db9504d364c9a33a

  • SHA256

    45e8fd9c2d454cbd2012f8cb1a3799fd70a470e5e82485c0df4f8b330e0c8ac5

  • SHA512

    da08667edd15f153629ff0d6f02896811261c54374c8076f0a4e3501f6c1e566fd2362071fd148ccdedca89e58146d0997e3d81f29fc657736dedde0e91e09cf

  • SSDEEP

    6144:5aC13sUBxC43q4JVRa6uTULqlLtgg9ulcsZGqU3skZQN/QvDecY:5VRsUBE46YVRt9qlLtggZsk932N/Qvip

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    dv9n

  • Decoy

    nblvqing.com
    delmegebuildingproducts.com
    xiongba8.com
    latuawebreputation.online
    nowcloud.tech
    cckghs.com
    tradeoo.ltd
    ppapo.com
    tphoaphuongdo.club
    whitefoxy.site
    bottle-sentences.net
    computersewa.com
    lushberryholidays.com
    motobotz.com
    shadurj.com
    amazonlexdeveloper.com
    shunli178.xyz
    sjzzlmh.com
    6eu09rp.xyz
    novinmes.com

Targets

    • Target

      72f8696930aea206f91b39a551ffe093_JaffaCakes118

    • Size

      366KB

    • MD5

      72f8696930aea206f91b39a551ffe093

    • SHA1

      a01cc8127d8afaaec98274d3db9504d364c9a33a

    • SHA256

      45e8fd9c2d454cbd2012f8cb1a3799fd70a470e5e82485c0df4f8b330e0c8ac5

    • SHA512

      da08667edd15f153629ff0d6f02896811261c54374c8076f0a4e3501f6c1e566fd2362071fd148ccdedca89e58146d0997e3d81f29fc657736dedde0e91e09cf

    • SSDEEP

      6144:5aC13sUBxC43q4JVRa6uTULqlLtgg9ulcsZGqU3skZQN/QvDecY:5VRsUBE46YVRt9qlLtggZsk932N/Qvip

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks