General

  • Target

    79314c1c479fba0f623b363b3069d344_JaffaCakes118

  • Size

    377KB

  • Sample

    240401-yvazbaea9s

  • MD5

    79314c1c479fba0f623b363b3069d344

  • SHA1

    e0a509b7d938ed38394dd1d14278fb65730fd73d

  • SHA256

    c32b5b1c2a90a6a38f7dc2dcb4541c111fa1ddc39eab5f0173205aa4079cbc5e

  • SHA512

    5f2c121df4a0e010ba66840e954f95f0e91ceb4159802dc7aa18954bb66634cb2d26f6226d5801c4f9eb034d1d97790540286c55dd5842e1669bfca5e15a46cc

  • SSDEEP

    6144:E9ylpYSK8uvviWms7cQHArdDFRZQ8rR6h1ci6L3ZyS67aVylsseUL:E9LquvvSH0mQ8d6zci6L3As

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fkt8

Decoy


Targets


    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks