General

  • Target: a29902cf02373bfc6e3c93f122ae6455_JaffaCakes118
  • Size: 558KB
  • Sample: 240403-we6d6sgf29
  • MD5: a29902cf02373bfc6e3c93f122ae6455
  • SHA1: ce4dc44e4aa735349f5c73e89b9d14bd973d865f
  • SHA256: 1944e3560e3f0e997900d664726e2b3bd4cc3991000bbaf9888a92ff41e62c08
  • SHA512: 7988dd9854ad1375bae3c35db8a28ae4402c0647f17d2e81544dd3b52f40d76001f385c2bcba79e2d3c61a0d6add656a62b1842b271b327155062ba3db2e8860
  • SSDEEP: 12288:KdM8SBPSmGZ9nrPFQylP/d89uMrW9V/Pf6AptshRbl8:KdmBP0TrnlbMrW9V3ohR+

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: mknl
  • Decoy:
    ortapasgol.com
    dainen-nenryo.com
    gimnasiaparatodos.com
    odisea.company
    directfactoryshop.com
    116cloud.com
    bestillwithliv.com
    gentciu.com
    av24.life
    goeseo.com
    navitie.com
    sciencemallblog.club
    mindy-land.com
    tts-qatar.com
    wissen-tool.com
    sunispoison.solutions
    fl10085.com
    cuernavacanorth.com
    27631niguelvillage.com
    investmentpeers.com

Targets

    • Target: a29902cf02373bfc6e3c93f122ae6455_JaffaCakes118
    • Size: 558KB
    • MD5: a29902cf02373bfc6e3c93f122ae6455
    • SHA1: ce4dc44e4aa735349f5c73e89b9d14bd973d865f
    • SHA256: 1944e3560e3f0e997900d664726e2b3bd4cc3991000bbaf9888a92ff41e62c08
    • SHA512: 7988dd9854ad1375bae3c35db8a28ae4402c0647f17d2e81544dd3b52f40d76001f385c2bcba79e2d3c61a0d6add656a62b1842b271b327155062ba3db2e8860
    • SSDEEP: 12288:KdM8SBPSmGZ9nrPFQylP/d89uMrW9V/Pf6AptshRbl8:KdmBP0TrnlbMrW9V3ohR+

    • Formbook: Formbook is a data-stealing malware family.
    • Formbook payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks