General

  • Target

    a8354ac26895717ce391ecc8fc359e6a_JaffaCakes118

  • Size

    369KB

  • Sample

    240403-19g3aaee5v

  • MD5

    a8354ac26895717ce391ecc8fc359e6a

  • SHA1

    809ad7f6757ffab4f4117bec9d7ec334ce137176

  • SHA256

    24921a10a0d39086e4c656ee2ac556155fc036c72c78cf2021f88b31b94f4058

  • SHA512

    b27b4205467e11e5f23e492ece3e7593842e5ac7b01430d358199242c41d9147b3ea21d1f61987afe7c2fc458000cb92a9387bbeb78a2f2c728e93bcff045168

  • SSDEEP

    6144:dO2D0Z+3PNCKVfS9jRkSmsF0E04W5rUpwqxLwUoDXwl/NydXY:YpyXVfS95msFsJUOfgl/N2I

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gr1c

Decoy

soakyourgrains.com

duwego.com

aenkdesign.com

bikabbziu.xyz

thesawyerlegacy.com

koreanmodelbj.xyz

exceed-standards.com

syirsve.com

sachisushimontreal.com

thegalwaykitchen.com

accarwash-hub.com

connectwithmentor.com

luftfundament.online

ibrahimkaracan.com

biggersinsurance.com

desellon.com

tvnewscloset.com

digital-dre.com

ingocg.com

fernanda-ortiz.com

Targets

    • Target

      a8354ac26895717ce391ecc8fc359e6a_JaffaCakes118

    • Formbook

      Formbook is an information stealer sold as malware-as-a-service. It harvests saved credentials and submitted form data from browsers and e-mail clients, logs keystrokes and clipboard contents, takes screenshots, and can download and run additional payloads on the operator's instruction.

    • Formbook payload

    • Suspicious use of SetThreadContext

      SetThreadContext is used during process injection to point a thread in another process at injected code, which is how Formbook ends up running inside a legitimate process (ATT&CK T1055, Process Injection).
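
The following helper is an added example and is not part of the sandbox report. It does two things a responder typically wants from a report like this: confirm that a file in hand really is the analysed sample by recomputing the four hashes listed above, and scan DNS log lines for lookups of the domains in the extracted config. The log lines and their format are constructed for the example; the hashes and domains are copied from the report. One caveat: the report labels the domain list "Decoy" because a Formbook config mixes its live C2 with decoy domains, several of which may be ordinary legitimate sites, so a hit is a lead to pivot on, not a domain to block unseen.

```python
"""Added example (hypothetical helper, not part of the report or of any Formbook tooling).

1. verify_sample(): recompute MD5/SHA1/SHA256/SHA512 of a blob and compare with the
   report's values, so you know you are looking at the same file.
2. matched_domains(): find DNS log lines that look up a config domain or a subdomain
   of one, without naive substring matches (notsoakyourgrains.com must not match).
"""
import hashlib
import sys

# Hash values copied from the report above.
REPORTED = {
    "md5": "a8354ac26895717ce391ecc8fc359e6a",
    "sha1": "809ad7f6757ffab4f4117bec9d7ec334ce137176",
    "sha256": "24921a10a0d39086e4c656ee2ac556155fc036c72c78cf2021f88b31b94f4058",
    "sha512": "b27b4205467e11e5f23e492ece3e7593842e5ac7b01430d358199242c41d9147b3ea21d1f61987afe7c2fc458000cb92a9387bbeb78a2f2c728e93bcff045168",
}

# Domain list copied from the extracted Formbook config above (live C2 plus decoys).
CONFIG_DOMAINS = [
    "soakyourgrains.com", "duwego.com", "aenkdesign.com", "bikabbziu.xyz",
    "thesawyerlegacy.com", "koreanmodelbj.xyz", "exceed-standards.com", "syirsve.com",
    "sachisushimontreal.com", "thegalwaykitchen.com", "accarwash-hub.com",
    "connectwithmentor.com", "luftfundament.online", "ibrahimkaracan.com",
    "biggersinsurance.com", "desellon.com", "tvnewscloset.com", "digital-dre.com",
    "ingocg.com", "fernanda-ortiz.com",
]

# Constructed DNS log lines (assumed resolver format: timestamp, client, query type, name).
SAMPLE_DNS_LOG = """\
2024-04-03T10:14:52Z client 10.0.0.15 query A www.duwego.com
2024-04-03T10:14:53Z client 10.0.0.15 query A update.microsoft.com
2024-04-03T10:14:55Z client 10.0.0.22 query A bikabbziu.xyz.
2024-04-03T10:15:01Z client 10.0.0.15 query A notsoakyourgrains.com
"""


def compute_hashes(data: bytes) -> dict:
    """Hex digests of the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data: bytes, expected: dict) -> dict:
    """Per-algorithm match flags, e.g. {'md5': True, 'sha256': False, ...}."""
    actual = compute_hashes(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}


def is_confirmed_sample(data: bytes, expected: dict) -> bool:
    """True only if every reported digest matches; a single mismatch means a different file."""
    return all(verify_sample(data, expected).values())


def _normalise(token: str) -> str:
    # Lower-case and drop the trailing dot of a fully qualified name.
    return token.lower().rstrip(".")


def matched_domains(log_lines, domains):
    """Return (line_number, config_domain) for each line querying a config domain
    or a subdomain of it. Matching is on label boundaries, not substrings."""
    watch = [d.lower() for d in domains]
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        for tok in line.split():
            name = _normalise(tok)
            for d in watch:
                if name == d or name.endswith("." + d):
                    hits.append((lineno, d))
                    break
    return hits


if __name__ == "__main__":
    # Usage: python formbook_check.py <file>   (file path is the operator's input)
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            print("confirmed sample:", is_confirmed_sample(fh.read(), REPORTED))
    for lineno, dom in matched_domains(SAMPLE_DNS_LOG.splitlines(), CONFIG_DOMAINS):
        print(f"line {lineno}: lookup for config domain {dom}")
```

Running it against the constructed log reports lines 1 and 3 (www.duwego.com and bikabbziu.xyz.) and correctly ignores notsoakyourgrains.com; pass the sample on the command line to confirm the hashes before relying on the rest of the report.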

MITRE ATT&CK Matrix

Tasks