General

  • Target

    0f1827b72d05842dcb534459bc414d1c_JaffaCakes118

  • Size

    873KB

  • Sample

    240502-227hmsah54

  • MD5

    0f1827b72d05842dcb534459bc414d1c

  • SHA1

    71b62f60326c8d027af34a5c1f39ae2d7a325266

  • SHA256

    3e182b7a7af8f09fa8e9c6b371e056ec89a52aac9e6b0fafb8f9180aaae82d36

  • SHA512

    81439ecfc7e5234375de1e8ed6aaf09183a4003f11e744499ea79c5eb65d7c8e2abd05956294feac272b63276b3def372c2936ccb33ccd4d2472b4355d131d96

  • SSDEEP

    12288:SrQcsLtffft++++yrrFRRlerRRa/L/L/L/QKKgWlWlWldOzWebfjR0y+RoHbyvYR:SrZzPblv+R2ynbYB

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

ma

Decoy

adsromnewspapers.com

baqpb.info

pazziperisocial.com

societefinition.com

mushabop.com

cryptoselection.com

bladdercancertreatment3.click

in272wceo.biz

aduanera.info

yogaenelcamino.com

elektroniksigaracim.net

houstonkitchenandbathdesign.com

thebibliophiles.com

deinuhren.sale

reliefnow.info

horsetherapyfortcollins.com

beluxuryseniorhomesnow.live

ranacecontractors.com

glassyice.men

pharmacie-moitier-albert.com
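Formbook beacons to the real C2 mixed in with requests to the decoy domains in its config, so a single lookup of one of these mostly ordinary websites is not an indicator, but a host resolving several of them within minutes is. The following detection is an added example and not part of this report or of Triage; it takes the decoy list above, assumes a constructed space-separated DNS log format ("timestamp host query"), and flags hosts that resolve three or more distinct decoy domains inside a sliding five-minute window (both thresholds are assumptions to tune per environment).

```python
"""Cluster Formbook decoy-domain lookups per host (added example, constructed log)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy domains copied from the extracted config in this report.
DECOY_DOMAINS = frozenset({
    "adsromnewspapers.com", "baqpb.info", "pazziperisocial.com",
    "societefinition.com", "mushabop.com", "cryptoselection.com",
    "bladdercancertreatment3.click", "in272wceo.biz", "aduanera.info",
    "yogaenelcamino.com", "elektroniksigaracim.net",
    "houstonkitchenandbathdesign.com", "thebibliophiles.com",
    "deinuhren.sale", "reliefnow.info", "horsetherapyfortcollins.com",
    "beluxuryseniorhomesnow.live", "ranacecontractors.com",
    "glassyice.men", "pharmacie-moitier-albert.com",
})

# Constructed sample DNS log, one "<ISO timestamp> <client host> <query>" per line.
# These lines are made up for the example; they are not from the sandbox run.
SAMPLE_DNS_LOG = """\
2024-05-02T10:00:01 ws-17 www.example.com
2024-05-02T10:00:05 ws-17 www.baqpb.info
2024-05-02T10:00:09 ws-17 mushabop.com
2024-05-02T10:00:14 ws-17 deinuhren.sale
2024-05-02T10:00:20 ws-17 glassyice.men
2024-05-02T10:30:00 ws-23 thebibliophiles.com
2024-05-02T10:30:03 ws-23 www.example.com
"""


def parse_dns_log(text):
    """Parse the space-separated log into (timestamp, host, fqdn) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, query = line.split()
        events.append((datetime.fromisoformat(ts), host, query.lower().rstrip(".")))
    return events


def matching_decoy(fqdn):
    """Return the decoy domain that fqdn equals or is a subdomain of, else None."""
    for domain in DECOY_DOMAINS:
        if fqdn == domain or fqdn.endswith("." + domain):
            return domain
    return None


def find_decoy_clusters(events, window=timedelta(minutes=5), min_distinct=3):
    """Return {host: sorted decoy domains} for hosts that resolved at least
    min_distinct different decoy domains inside one sliding time window.
    A single hit is expected noise (the decoys are mostly ordinary websites);
    several within minutes is how the bot's beacon rotation looks in DNS."""
    per_host = defaultdict(list)
    for ts, host, fqdn in events:
        domain = matching_decoy(fqdn)
        if domain is not None:
            per_host[host].append((ts, domain))

    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            in_window = {d for t, d in hits[i:] if t - start <= window}
            if len(in_window) >= min_distinct:
                alerts[host] = sorted(in_window)
                break
    return alerts


if __name__ == "__main__":
    for host, domains in find_decoy_clusters(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"{host}: {len(domains)} decoy domains in window: {', '.join(domains)}")
```

Because the decoys are real third-party sites, the real C2 is not distinguishable from this list alone; the cluster identifies the infected host, and the actual C2 has to be recovered from the sample's configuration or from the request bodies.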

Targets

    • Target

      0f1827b72d05842dcb534459bc414d1c_JaffaCakes118

    • Formbook

      Formbook is an information stealer: it harvests credentials and form data from browsers and mail clients, logs keystrokes and clipboard contents, can take screenshots, and accepts commands from its C2. It runs from inside a legitimate process it injects into, and it contacts the decoy domains from its config alongside the real C2 to make the real server harder to pick out.

    • Process spawned unexpected child process

      A child process that its parent would not normally launch (for example, a document handler starting a new executable) typically indicates that the parent was compromised via an exploit or a malicious macro.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
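The "unexpected child process" signature is the kind of parent/child relationship check a SOC can reproduce from endpoint process-creation telemetry. The code below is an added example written for this page, not Triage's signature logic; it assumes Sysmon-style process-creation events (constructed here, not taken from the sandbox run), an assumed set of document-handling parents that should not spawn fresh executables, and a small assumed allowlist of helpers those applications legitimately start, which would need to be tuned per fleet. It also walks the process tree below a flagged edge, so the dropped EXE that cmd.exe went on to run is pulled into the same alert.

```python
"""Flag children that a document-handling parent should never spawn (added example)."""
import ntpath

# Parents that normally only render documents or mail; a fresh executable under
# them usually means a macro or exploit ran. The allowlist holds the few helpers
# these applications are known to launch themselves (assumed baseline, tune per fleet).
DOCUMENT_HANDLERS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe",
}
ALLOWED_CHILDREN = {
    "winword.exe": {"splwow64.exe"},
    "excel.exe": {"splwow64.exe"},
    "outlook.exe": {"winword.exe", "excel.exe", "acrord32.exe"},
}

# Constructed Sysmon-style process-creation events (not from the sandbox run).
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ppid": 1580, "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 4388, "image": r"C:\Windows\System32\cmd.exe",
     "ppid": 4120, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 4402, "image": r"C:\Windows\splwow64.exe",
     "ppid": 4120, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 4510, "image": r"C:\Users\victim\AppData\Local\Temp\invoice.exe",
     "ppid": 4388, "parent_image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 4600, "image": r"C:\Windows\System32\notepad.exe",
     "ppid": 1580, "parent_image": r"C:\Windows\explorer.exe"},
]


def basename(image_path):
    """Lower-cased file name of a Windows image path (ntpath works on any OS)."""
    return ntpath.basename(image_path).lower()


def unexpected_children(events):
    """Return [(parent_name, child_name, child_pid)] for every process whose
    parent is a document handler and whose image is not on that parent's allowlist."""
    findings = []
    for ev in events:
        parent = basename(ev["parent_image"])
        child = basename(ev["image"])
        if parent in DOCUMENT_HANDLERS and child not in ALLOWED_CHILDREN.get(parent, set()):
            findings.append((parent, child, ev["pid"]))
    return findings


def descendants_of(events, root_pid):
    """PIDs reachable from root_pid via ppid links, so an alert on the Word->cmd
    edge can pull in what cmd.exe went on to launch (here a dropped EXE)."""
    children = {}
    for ev in events:
        children.setdefault(ev["ppid"], []).append(ev["pid"])
    out, stack = [], [root_pid]
    while stack:
        pid = stack.pop()
        for child_pid in children.get(pid, []):
            out.append(child_pid)
            stack.append(child_pid)
    return sorted(out)


if __name__ == "__main__":
    for parent, child, pid in unexpected_children(SAMPLE_EVENTS):
        print(f"ALERT {parent} -> {child} (pid {pid}); subtree: {descendants_of(SAMPLE_EVENTS, pid)}")
```

Matching on the lower-cased image file name rather than the full path keeps the rule stable across Office install locations and case differences in telemetry; the trade-off is that a renamed binary in a user-writable directory still needs a separate path-based rule to catch.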

MITRE ATT&CK Enterprise v15

Tasks