General

  • Target

    9c752189cf910e148831cce494096ca9_JaffaCakes118

  • Size

    422KB

  • Sample

    240403-bxkvzaca74

  • MD5

    9c752189cf910e148831cce494096ca9

  • SHA1

    6e096b2e97074ed2840104c4fd368ecf84da2fd5

  • SHA256

    f275914dc6eafbd3969add494c8193c5caceb4f34bc44c406dc6969c25dc13e8

  • SHA512

    3d2c194c70c8924a118dc058eb6793a488358b5728e1c1da885fa485fe887ef2b35d6369232518cfb26a54fabc40999f16cbd9328ac8c1651a5fd0b30d113d87

  • SSDEEP

    6144:CW6pdM0MyQvYxJ1EeDqcn6HNpgLYriNWAp0uPZRwDN2Bzpn7Do4YQ+FO15zLUFI:CRM0XQwdtDqHNprrW0EUpmn7DJP1G

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b8lb

Decoy

getyourcycle.com

emartasia.com

desailai.com

dgchurch.wiki

topspnicp.com

taxopaf.xyz

parapsymarseille.com

hanahuli.com

server22-amzn.xyz

offerte-auto-usate.site

susuname.xyz

estaciondeserviciocampoex.com

londontradingstrategy.com

virtual360hosting.com

mnp.gmbh

autozapchasti32.store

shalomsvillage.com

6088086.com

chleely.com

literarygum.store
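
The domain list above is the decoy set from the extracted Formbook config; Formbook beacons to several of these alongside its live C2 so that the real server is hard to single out, and the report does not say which (if any) is live. In practice you treat the whole list as indicators and weight a host that resolves several of them higher than a single lookup. The following is an added example (not part of the sandbox report) that builds a suffix-aware matcher from the list and runs it over constructed DNS-log lines; the log format and the client IPs are assumptions for illustration.

```python
# Added example, not from the sandbox report or the Formbook config extractor.
# Builds a matcher from the extracted decoy list and runs it over constructed
# DNS-log lines (format: "<timestamp> <client> <qtype> <qname>", an assumption).
from typing import Iterable, Optional

# Decoy domains exactly as listed in the extracted config above.
FORMBOOK_DECOYS = {
    "getyourcycle.com", "emartasia.com", "desailai.com", "dgchurch.wiki",
    "topspnicp.com", "taxopaf.xyz", "parapsymarseille.com", "hanahuli.com",
    "server22-amzn.xyz", "offerte-auto-usate.site", "susuname.xyz",
    "estaciondeserviciocampoex.com", "londontradingstrategy.com",
    "virtual360hosting.com", "mnp.gmbh", "autozapchasti32.store",
    "shalomsvillage.com", "6088086.com", "chleely.com", "literarygum.store",
}


def normalise(host: str) -> str:
    """Lower-case a query name, drop a trailing dot and any ':port' suffix."""
    host = host.strip().lower().rstrip(".")
    return host.split(":", 1)[0]


def match_decoy(host: str, decoys: set = FORMBOOK_DECOYS) -> Optional[str]:
    """Return the config domain that `host` equals or is a subdomain of.

    Matching walks label boundaries, so 'www.getyourcycle.com' matches
    'getyourcycle.com' but 'notgetyourcycle.com' does not (a plain substring
    check would produce that false positive).
    """
    labels = normalise(host).split(".")
    # Stop before the bare TLD so a candidate always has at least two labels.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in decoys:
            return candidate
    return None


# Constructed sample log lines for the demonstration (not real traffic).
SAMPLE_DNS_LOG = """\
2024-04-03T09:12:01Z 10.0.0.15 A www.getyourcycle.com
2024-04-03T09:12:02Z 10.0.0.15 A update.microsoft.com
2024-04-03T09:12:03Z 10.0.0.15 A notgetyourcycle.com
2024-04-03T09:12:04Z 10.0.0.22 A mnp.gmbh.
2024-04-03T09:12:05Z 10.0.0.15 A literarygum.store
"""


def scan_dns_log(lines: Iterable[str]) -> list:
    """Return (timestamp, client, qname, matched_decoy) for every hit."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or blank line
        ts, client, _qtype, qname = parts[:4]
        matched = match_decoy(qname)
        if matched:
            hits.append((ts, client, normalise(qname), matched))
    return hits


def clients_with_multiple_decoys(hits: list, minimum: int = 2) -> dict:
    """Clients that resolved at least `minimum` distinct config domains.

    Formbook contacts several decoys per beacon round, so this is a stronger
    signal than one isolated lookup of a domain that may be a legitimate site.
    """
    seen = {}
    for _ts, client, _qname, decoy in hits:
        seen.setdefault(client, set()).add(decoy)
    return {c: sorted(d) for c, d in seen.items() if len(d) >= minimum}


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG.splitlines())
    for hit in found:
        print("decoy lookup:", hit)
    print("escalate:", clients_with_multiple_decoys(found))
```

Swap `SAMPLE_DNS_LOG` for a real resolver or proxy export with the same four leading columns; anything beyond those is ignored.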

Targets

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials, keystrokes, clipboard contents and web-form data from browsers and other applications on the infected host and sends them to its C2.

    • Formbook payload

    • Suspicious use of SetThreadContext (setting the context of a thread in another process is characteristic of process hollowing / thread hijacking, i.e. the loader running its payload inside a suspended host process)

MITRE ATT&CK Matrix

Tasks