General

  • Target

    e5804762a27e381585dd592dc15ffd89_JaffaCakes118

  • Size

    320KB

  • Sample

    240407-wckppaab3y

  • MD5

    e5804762a27e381585dd592dc15ffd89

  • SHA1

    79f45d7c5a0eec4e281522fe6b3c610359517a54

  • SHA256

    d6759d62c64ebcfe83041fd0c336ed7e2f1d8ba44ad409de4313b0b029250ba2

  • SHA512

    dbb653d8167aa5d926d6e958ce7e23adba4690b89e2da8e447c0287f9bda54482046ce666c8745b029dbb3ab1fab1a72f804b925e51c0f921f07c3139cc28f9d

  • SSDEEP

    6144:JTNs2iJdoIm/MZWepYPbzXIzvkelXB+CjH4JAnRwoOL9:fsxcf/EWPIbn+CjYJARwoOR

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

otcl

Decoy

lenatwo.com

alshiban.com

hotsexfreevideos.club

tfcfu.com

punealtz.com

wang0911.com

onenesstokyo.com

myshopsbuddy.com

vishalsgupta.com

simplyagrarian.com

jpruyle.com

sinnergoingtohell.com

face-pad.com

holisticworldinsider.com

rootsentertainment.net

veextechthai.com

tradeplotter.com

fothergillacademy.com

machinami-home.net

hardwareonestore.com

Targets

    • Target

      e5804762a27e381585dd592dc15ffd89_JaffaCakes118

    • Size

      320KB

    • MD5

      e5804762a27e381585dd592dc15ffd89

    • SHA1

      79f45d7c5a0eec4e281522fe6b3c610359517a54

    • SHA256

      d6759d62c64ebcfe83041fd0c336ed7e2f1d8ba44ad409de4313b0b029250ba2

    • SHA512

      dbb653d8167aa5d926d6e958ce7e23adba4690b89e2da8e447c0287f9bda54482046ce666c8745b029dbb3ab1fab1a72f804b925e51c0f921f07c3139cc28f9d

    • SSDEEP

      6144:JTNs2iJdoIm/MZWepYPbzXIzvkelXB+CjH4JAnRwoOL9:fsxcf/EWPIbn+CjYJARwoOR

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
