General

  • Target

    9416bcf98a5d728bba79b87e1aa43466_JaffaCakes118

  • Size

    346KB

  • Sample

    240402-xa7xwaaa59

  • MD5

    9416bcf98a5d728bba79b87e1aa43466

  • SHA1

    49d5ec3bcf01ad4c9927d5903b6db4acd922230e

  • SHA256

    da4990bc142f92e8cff75d8394bbe43569e1f5454a10d38dca22114d2c2fa6bd

  • SHA512

    bd4d1aeb0d8989cfbef253dc9c00c79b0489a0221a8ff79680f9f6e41b6c5d50d8fb3e2199c7b4c73334f08fbc7d9d0acc996f878145a110f645a7ef99586a39

  • SSDEEP

    6144:HnyMQ9bXFZfl8StCt3ekRcNnFnHBNXlTEGtxhI:HyMCft23ekyzhNNVtY

Malware Config

  • Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    s6tn

  • Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Drops startup file

    • Suspicious use of SetThreadContext
