General

  • Target

    a86dedf95d0d7a02c577ea6333686a47_JaffaCakes118

  • Size

    543KB

  • Sample

    240403-2fva7aeg5x

  • MD5

    a86dedf95d0d7a02c577ea6333686a47

  • SHA1

    c30215690fd50233a94d58400ab2f9010a4887e7

  • SHA256

    b877e6f41d83c546f056fa7f88b5f323d944616a9919025e71971d034b56b592

  • SHA512

    9d08374b6329731ece1b31004bdce3265afc3282d266df2a22581bcfba375e707cad7b74344a7f619319ad198c5188c1591827188ccbf6ae5fa23bb7ffd53113

  • SSDEEP

    12288:HMcTti2fFn+fmgreKLbff0m1ltwrL290sZD0VIpZeuVyJetSB:Hkmn+fPxzsmfkL290cFJIRB

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fzsg

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family (a form grabber and keylogger).

    • Formbook payload

    • Suspicious use of SetThreadContext
