General

  • Target

    a172b261614d5d5d0513ecfa06bc5711_JaffaCakes118

  • Size

    942KB

  • Sample

    240403-f8s3yahc7t

  • MD5

    a172b261614d5d5d0513ecfa06bc5711

  • SHA1

    24369f2c0e1f299462676a4f842e5ea1d205b2d3

  • SHA256

    d7fa1327e8e502c0658dc031eac50affd1a40ec45aee6c0110d61d0ebe9744a5

  • SHA512

    256dd2c97de6b87be2c5890ecb1384c55008a23ce07a984ef84c8f10648d12b3898c14283b7ead9a39af505e01044159b0dfaec3e4b960826ecc7c28aa4b8ba8

  • SSDEEP

    12288:GO4jeQ5jsruJH+ReJqvqfLRXwK4+HNONnvsyl9vai2K046Mnq0UnsO5lJkKzUvoQ:XHBQLW10ergut8+VuRHPXWMjk

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rf3t

Decoy

palmettohomeswakulla.com

sorelleapparel.com

abouttohour.com

ogrownhemp.com

themontagnard.com

zarioch.space

lty712.info

ajdstone.com

600plusgymspa.com

schmitzland.com

luhuigw.com

mysafeplacetoinsure.com

barkpark.club

investigation-science.com

sermonartnotes.net

gorgeousflippinllc.com

smarttrendshop.com

markusjungfoto.com

glyzaelbol.info

thewiseowl.art

Targets

    • Target

      a172b261614d5d5d0513ecfa06bc5711_JaffaCakes118

    • Formbook

      Formbook is a data-stealing malware family (information stealer).

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks