General
-
Target
fae4eb97ef670e17d1dfd5def02055d7_JaffaCakes118
-
Size
719KB
-
Sample
240419-wyf9dscf3z
-
MD5
fae4eb97ef670e17d1dfd5def02055d7
-
SHA1
5b3d7e28242ca089aedde236dbb5982107422ede
-
SHA256
5861ee83ca80dbfd549f2d8132c317020de7d070c5cf965518c552656fd54d7c
-
SHA512
a0bf8a418435214338969291120a56ed314ca50eafaea1954a8aa35374bbf83f0a2f764c5cde8e006a3587b3ae1536381d4f81f03963f019fa7a66cf8c476b1b
-
SSDEEP
12288:uSyPU9BPU92IX53yLDjAOsBgo0q4wMwmbd4Yj83FhW7EyeWk3QOXAKE2Et3hReDT:uSrjAOsBgo0q4wMLbKYj2lyE3QOXAKE+
Malware Config
Extracted
formbook
4.1
kkt
inspirafutebol.com
customgiftshouston.com
mycreativelending.com
psplaystore.com
newlivingsolutionshop.com
dechefamsterdam.com
servicingl0ans.com
atsdholdings.com
manifestarz.com
sequenceanalytica.com
gethealthcaresmart.com
theartofsurprises.com
pirateequitypatrick.com
alliance-ce.com
wingrushusa.com
funtimespheres.com
solevux.com
antimasathya.com
profitexcavator.com
lankeboxshop.com
Targets
-
-
Target
fae4eb97ef670e17d1dfd5def02055d7_JaffaCakes118
-
Size
719KB
-
MD5
fae4eb97ef670e17d1dfd5def02055d7
-
SHA1
5b3d7e28242ca089aedde236dbb5982107422ede
-
SHA256
5861ee83ca80dbfd549f2d8132c317020de7d070c5cf965518c552656fd54d7c
-
SHA512
a0bf8a418435214338969291120a56ed314ca50eafaea1954a8aa35374bbf83f0a2f764c5cde8e006a3587b3ae1536381d4f81f03963f019fa7a66cf8c476b1b
-
SSDEEP
12288:uSyPU9BPU92IX53yLDjAOsBgo0q4wMwmbd4Yj83FhW7EyeWk3QOXAKE2Et3hReDT:uSrjAOsBgo0q4wMLbKYj2lyE3QOXAKE+
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Formbook payload
-
Suspicious use of SetThreadContext
-