General

  • Target

    984eae99ede6562cf394483a1600c4a3_JaffaCakes118

  • Size

    416KB

  • Sample

    240402-1xljyaeh96

  • MD5

    984eae99ede6562cf394483a1600c4a3

  • SHA1

    75d1a2b5c8cd64dbe8b6470e47c8016db541b794

  • SHA256

    e827c29f504045d8e6d8a2eb622a571f83e1bf9afaa8f1b839af76f457b45135

  • SHA512

    2916b72e8bc5c4f8f610f8e24437c2c28847d5b0de471cb100a923b9ab726e8262b4354311dee5ae3c7f2ec02ef6f8b8358e743f29b4457947079c67a022aaf7

  • SSDEEP

    6144:tngMQ+aLjZeVeSUUC7Cw8sHa+gTPox+o7Vu+o5sAUqYNY:C+a0VPUURwNano5vG9

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    r4gk

  • Decoy

    quantalix.com
    animalblog-eggs.com
    039skz.xyz
    guttas.net
    lasantadayparty.com
    protegerfinanceservices.com
    vixtest.xyz
    digitaleconomy.global
    0xpax.xyz
    mobilehome1688.com
    themotionpartners.com
    valueney.com
    hattuafhv.quest
    js0061gj.net
    360metaverse.biz
    seculardata.com
    346727688.xyz
    smartmapom.com
    moksel.com
    exoduswatchco.com

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15