General

  • Target

    79540ebde70af8572665959a6bd06332_JaffaCakes118

  • Size

    590KB

  • Sample

    240401-yyrq8seb7z

  • MD5

    79540ebde70af8572665959a6bd06332

  • SHA1

    3bd50cdb398de8cd76729d340100734a7660f731

  • SHA256

    a26563b8bb82e71f54068820dd88b7de84199111b66e33af94c09e2344d9db74

  • SHA512

    705a0750432072ab20a3d078254e1d50d36d08482d662cdd3521b2510fc5490d8db0d446080ea6c6a3ed60d3e33bb39e8c964c56c54b622076ca31af92309157

  • SSDEEP

    12288:+hvwUOk/dNW+wCzc6kgzLKhMsVBNAPd86Uy+0:GYUOkfWbKqhMsVBNgoy+

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cl8k

Decoy

Targets

    • Target

      79540ebde70af8572665959a6bd06332_JaffaCakes118

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks