General

  • Target

    88fa2e2c92637d69a2733aa6764977c5_JaffaCakes118

  • Size

    2.0MB

  • Sample

    240402-lhxakach21

  • MD5

    88fa2e2c92637d69a2733aa6764977c5

  • SHA1

    630fe77a75bf1905b629287c32d0f07a7658d3f7

  • SHA256

    0136309b04a417b48dbd312209bda252b5a9abbe7e3b39a66f53d3ab72c2eb57

  • SHA512

    703455300bcbfd98e0ede6c3a1df09f2fabe342dff9cc7f136128cf424f24d099cf226eb17f4119c0ccb0006abc4c3113cba8473ada4bdc79047179d31901f2e

  • SSDEEP

    24576:ea2hFea0TqqWslZVQD1s24kUicaREssjlzKT:eOeCK1h4kUfaelA

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cmsr

Decoy

dahlia-dolls.com

iamawife.com

gardunomx.com

roweelitetrucking.com

asapvk.com

strategieslimited.com

healthyweathorganics.com

wedding-gallery.net

fastoffer.online

biolab33.cloud

los40delocta.com

charliepaton.com

jenpaddock.com

zzmweb.com

poetarts.com

techwork4u.com

tracylynpropp.com

rkbodyfit.site

migaleriapanama.com

cosmostco.com
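The extracted configuration above is directly usable as network and file IOCs. The following is an added example, not code from the sandbox or from the report: it turns the report's SHA256 and decoy-domain list into a small offline matcher and runs it over a few constructed proxy-log lines. Two things are assumptions rather than facts from this report: the proxy-log layout (`<timestamp> <client_ip> <method> <url> <status>`) and the convention that a Formbook bot puts the campaign id (`cmsr`) as the first path segment of its requests, which is general Formbook behaviour and not something the sandbox output states for this sample.

```python
import hashlib
import re
from urllib.parse import urlsplit

# IOCs copied from the report above.
SAMPLE_SHA256 = "0136309b04a417b48dbd312209bda252b5a9abbe7e3b39a66f53d3ab72c2eb57"
CAMPAIGN = "cmsr"
DECOY_DOMAINS = {
    "dahlia-dolls.com", "iamawife.com", "gardunomx.com", "roweelitetrucking.com",
    "asapvk.com", "strategieslimited.com", "healthyweathorganics.com",
    "wedding-gallery.net", "fastoffer.online", "biolab33.cloud", "los40delocta.com",
    "charliepaton.com", "jenpaddock.com", "zzmweb.com", "poetarts.com",
    "techwork4u.com", "tracylynpropp.com", "rkbodyfit.site", "migaleriapanama.com",
    "cosmostco.com",
}

# Assumed proxy-log layout: "<timestamp> <client_ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|POST)\s+(\S+)\s+(\d{3})$")

# Constructed log lines for the demo; these are NOT from the sandbox run.
SAMPLE_LOG = [
    "2024-04-02T10:15:01Z 10.0.0.12 GET http://www.dahlia-dolls.com/cmsr/?Kb=abc&f0=xyz 404",
    "2024-04-02T10:15:03Z 10.0.0.12 POST http://www.asapvk.com/cmsr/ 200",
    "2024-04-02T10:16:11Z 10.0.0.40 GET http://wedding-gallery.net/wp-content/theme.css 200",
    "2024-04-02T10:16:40Z 10.0.0.12 GET http://example.invalid/cmsr/ 200",
    "2024-04-02T10:17:02Z 10.0.0.41 GET https://docs.python.org/3/ 200",
]


def is_known_sample(data: bytes) -> bool:
    """True if `data` is byte-for-byte the file analysed above (SHA256 match)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


def decoy_match(hostname: str):
    """Return the decoy domain that `hostname` equals or is a subdomain of, else None."""
    host = hostname.lower().rstrip(".")
    for domain in DECOY_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def classify_request(url: str) -> str:
    """
    Score one URL against the extracted config.
    Assumption (general Formbook behaviour, not stated in the report): the bot
    uses the campaign id as the first path segment, e.g. GET/POST /cmsr/...
    """
    parts = urlsplit(url)
    domain = decoy_match(parts.hostname or "")
    first_segment = parts.path.strip("/").split("/")[0]
    campaign_path = first_segment == CAMPAIGN
    if domain and campaign_path:
        return "formbook-c2-beacon"           # decoy host + campaign path: high confidence
    if campaign_path:
        return "campaign-path-unknown-host"   # possibly the live C2 that is not in the decoy list
    if domain:
        return "decoy-domain-only"            # decoys are often legitimate sites: low confidence
    return "benign"


def scan_proxy_log(lines):
    """Parse log lines and return the hits (anything other than 'benign'), in order."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, client, method, url, status = m.groups()
        verdict = classify_request(url)
        if verdict == "benign":
            continue
        hostname = urlsplit(url).hostname or ""
        hits.append({
            "time": ts, "client": client, "method": method, "status": status,
            "host": hostname.lower(), "decoy": decoy_match(hostname),
            "verdict": verdict,
        })
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

The three-tier verdict matters in practice: a decoy-domain hit on its own is weak evidence, because Formbook pads its list with real, unrelated sites, whereas a request carrying the campaign path to a host that is not in the list is worth chasing, since that host may be the live C2.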

Targets

    • Target

      88fa2e2c92637d69a2733aa6764977c5_JaffaCakes118

    • Formbook

      Formbook is an information-stealing malware family sold as malware-as-a-service. It grabs credentials and submitted form data from browsers and mail clients, logs keystrokes and clipboard contents, takes screenshots, and can download and run additional payloads on the infected host.

    • Formbook payload

      The unpacked code running in memory matched the sandbox's Formbook detection rule; this is the payload from which the configuration above was extracted.

    • Suspicious use of SetThreadContext

      The sample called SetThreadContext to point a thread's execution at its own code. This is the step that hands control to injected code in process hollowing and thread hijacking, and Formbook typically uses it to run inside a legitimate process instead of from its own executable.
