General

  • Target

    9f95195d65c34c3b3bc599e399196cbb_JaffaCakes118

  • Size

    460KB

  • Sample

    240403-el8pfafe4s

  • MD5

    9f95195d65c34c3b3bc599e399196cbb

  • SHA1

    283882ea8a5c557c63eb3941eb8fdd6298bdc86f

  • SHA256

    efbfd17d24ef5ee8e54a74ef9527396d511bcdade1826a1c08ee4f2603ec798e

  • SHA512

    e782be04c40029483ae8d23a99a9fc3098d59010d54a6d557da249de3e383c394e23680b56c2b6560b8d02b0c4ab29e7ca063ab6998f97b34eb252cc857eaed7

  • SSDEEP

    6144:yLHCTgMkhBnCnz0WLvFZ5Q+VHI3Yhfo5P7cYpXHjp/cvTWXZUGrmxbdM:yLcSBsYQvf5pVo3+fY7RTpkrsUN
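Before trusting the rest of this report against a file you hold, confirm it is the same sample. The helper below is an added example, not part of the sandbox report or any tool it uses; it hashes a file with the four algorithms listed above and compares the digests to the reported values, case-insensitively (hashes copied from other tools are often uppercase). The SSDEEP value cannot be checked this way without the ssdeep library, so it is left out. The file path is whatever you pass on the command line; no real sample is embedded here.

```python
import hashlib
import sys
from typing import Dict, Mapping, Tuple

# Digests exactly as listed in the report for 9f95195d65c34c3b3bc599e399196cbb_JaffaCakes118.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "9f95195d65c34c3b3bc599e399196cbb",
    "sha1": "283882ea8a5c557c63eb3941eb8fdd6298bdc86f",
    "sha256": "efbfd17d24ef5ee8e54a74ef9527396d511bcdade1826a1c08ee4f2603ec798e",
    "sha512": (
        "e782be04c40029483ae8d23a99a9fc3098d59010d54a6d557da249de3e383c39"
        "4e23680b56c2b6560b8d02b0c4ab29e7ca063ab6998f97b34eb252cc857eaed7"
    ),
}


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests of an in-memory buffer for every reported algorithm."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED_HASHES}


def compute_file_hashes(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as compute_hashes, but streams the file so large samples need not fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in REPORTED_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def verify_hashes(
    actual: Mapping[str, str], expected: Mapping[str, str] = REPORTED_HASHES
) -> Dict[str, Tuple[str, str, bool]]:
    """Per algorithm: (expected, actual, match). Comparison ignores hex case."""
    result = {}
    for algo, exp in expected.items():
        act = actual.get(algo, "")
        result[algo] = (exp.lower(), act.lower(), exp.lower() == act.lower())
    return result


def is_reported_sample(
    actual: Mapping[str, str], expected: Mapping[str, str] = REPORTED_HASHES
) -> bool:
    """True only when every reported digest matches; one mismatch means a different file."""
    return all(ok for _, _, ok in verify_hashes(actual, expected).values())


if __name__ == "__main__":
    digests = compute_file_hashes(sys.argv[1])
    for algo, (exp, act, ok) in verify_hashes(digests).items():
        print(f"{algo:6} {'OK ' if ok else 'BAD'} {act}")
    sys.exit(0 if is_reported_sample(digests) else 1)
```

A single mismatching digest is enough to conclude you have a different file (a repacked or padded variant, for instance), so the exit status is non-zero unless all four agree.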

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    useb

  • Decoy

    houseofbooksae.net
    ipjfeugo.xyz
    sandiegowavefc.store
    kamerynemehiel.com
    herbalhealthalert.com
    nfmedco.com
    dorhop.com
    bookingscenter.com
    blaclyteproductions.com
    novatel-network.com
    locomotionprogramming.com
    dotchocolatebars.com
    rohanyat.online
    a2detail.com
    cotedazurpropertyforsale.com
    space-vantage.space
    averysanswers.com
    lionheartimagery.com
    nozincwadi.com
    lovemyduck.com
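Formbook embeds its real C2 domain in a list alongside decoys and contacts the decoys as well, so every entry in the extracted list is a usable network indicator even though only one is the actual C2. Two caveats a practitioner would want: decoy entries are frequently legitimate third-party sites, so hits should be reviewed rather than auto-blocked, and the list is per-sample, so a different build of the same campaign may carry different domains. The script below is an added example, not part of the report; it turns the extracted config into a DNS-log matcher. The log layout ("timestamp client qtype qname") and the sample lines are constructed for the example, not taken from the sandbox run.

```python
import re
from typing import Dict, Iterable, List, Optional

# Extracted configuration as reported above (Formbook 4.1, campaign "useb").
FORMBOOK_CONFIG: Dict[str, object] = {
    "family": "formbook",
    "version": "4.1",
    "campaign": "useb",
    "decoy": [
        "houseofbooksae.net", "ipjfeugo.xyz", "sandiegowavefc.store",
        "kamerynemehiel.com", "herbalhealthalert.com", "nfmedco.com",
        "dorhop.com", "bookingscenter.com", "blaclyteproductions.com",
        "novatel-network.com", "locomotionprogramming.com", "dotchocolatebars.com",
        "rohanyat.online", "a2detail.com", "cotedazurpropertyforsale.com",
        "space-vantage.space", "averysanswers.com", "lionheartimagery.com",
        "nozincwadi.com", "lovemyduck.com",
    ],
}


def normalize_domain(name: str) -> str:
    """Lowercase and strip the trailing dot that DNS logs often put on FQDNs."""
    return name.strip().lower().rstrip(".")


def domain_matches(queried: str, ioc: str) -> bool:
    """True if the query is the IOC or a subdomain of it. The match is label-aligned,
    so 'nothouseofbooksae.net' does not match 'houseofbooksae.net'."""
    q, i = normalize_domain(queried), normalize_domain(ioc)
    return q == i or q.endswith("." + i)


def find_ioc(queried: str, iocs: Iterable[str]) -> Optional[str]:
    """Return the first IOC the queried name matches, or None."""
    for ioc in iocs:
        if domain_matches(queried, ioc):
            return ioc
    return None


# Assumed log layout for this example: "<timestamp> <client-ip> <qtype> <qname>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)\s*$")


def scan_dns_log(lines: Iterable[str], iocs: Optional[Iterable[str]] = None) -> List[Dict[str, str]]:
    """Return one record per log line whose queried name matches a config domain."""
    ioc_list = list(FORMBOOK_CONFIG["decoy"] if iocs is None else iocs)
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the scan
        ioc = find_ioc(m["qname"], ioc_list)
        if ioc is not None:
            hits.append({"ts": m["ts"], "client": m["client"], "qname": m["qname"], "ioc": ioc})
    return hits


def clients_by_hits(hits: Iterable[Dict[str, str]]) -> Dict[str, int]:
    """Count matches per client so one host that queries several config domains stands out:
    a burst of lookups across the list is more Formbook-like than a single hit."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["client"]] = counts.get(h["client"], 0) + 1
    return counts


# Constructed sample log, not from the sandbox run.
SAMPLE_DNS_LOG = [
    "2024-04-03T10:15:01Z 10.0.0.12 A www.houseofbooksae.net.",
    "2024-04-03T10:15:01Z 10.0.0.12 A ipjfeugo.xyz",
    "2024-04-03T10:15:02Z 10.0.0.12 A NFMEDCO.COM",
    "2024-04-03T10:15:03Z 10.0.0.40 A nothouseofbooksae.net",
    "2024-04-03T10:15:04Z 10.0.0.40 A login.microsoftonline.com",
    "garbage line",
]

if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for h in found:
        print(f"{h['ts']} {h['client']} queried {h['qname']} (matches {h['ioc']})")
    print("per-client counts:", clients_by_hits(found))
```

The per-client count is the useful signal: a single lookup of one decoy may be a user visiting a legitimate site, while one host resolving several domains from the list within seconds is the beaconing pattern worth escalating.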

Targets

    • Target

      9f95195d65c34c3b3bc599e399196cbb_JaffaCakes118

    • Size

      460KB

    • MD5

      9f95195d65c34c3b3bc599e399196cbb

    • SHA1

      283882ea8a5c557c63eb3941eb8fdd6298bdc86f

    • SHA256

      efbfd17d24ef5ee8e54a74ef9527396d511bcdade1826a1c08ee4f2603ec798e

    • SHA512

      e782be04c40029483ae8d23a99a9fc3098d59010d54a6d557da249de3e383c394e23680b56c2b6560b8d02b0c4ab29e7ca063ab6998f97b34eb252cc857eaed7

    • SSDEEP

      6144:yLHCTgMkhBnCnz0WLvFZ5Q+VHI3Yhfo5P7cYpXHjp/cvTWXZUGrmxbdM:yLcSBsYQvf5pVo3+fY7RTpkrsUN

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and form data from browsers and other applications, logs keystrokes and clipboard contents, and reports to a C2 server whose address is hidden among a list of decoy domains.

    • Formbook payload

    • Suspicious use of SetThreadContext (rewriting another thread's context, a common step when a payload is injected into a second process)

MITRE ATT&CK Matrix

Tasks