General

  • Target

    0d046d981573187411afcd389a76c800_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240502-a4m38sbh61

  • MD5

    0d046d981573187411afcd389a76c800

  • SHA1

    eef569f5757c293d3e5a333b181b735c3afcc70a

  • SHA256

    7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6

  • SHA512

    99ee5da59e4e726fb9782457cecb19ec7cd63a234b82f8693586d764a926d77d7c3defa296e787d90dea5d9d6421fc904c9ce378c2b8c0c816d7f60077ed113c

  • SSDEEP

    24576:eGKX6d7Lq2h5HRE+HMseHLGkUeMNpCDeyQnke:egLh1sDHLs1fCN/e

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

st08

Decoy

realestatebymel.com

staceonajourney.com

thegoldenflow.com

huepfefrosch.com

fasilitasikegiatankesenian.com

aliensonantarctica.com

krizokriz.com

deryment.com

aeonianlabs.com

longxngchem.com

jingmiyiqi.com

pillbugsbrog.com

artascolombia.com

technerme.com

wickerwoodfarm.com

robot-classroom.net

cqrjxfhh.com

zhongmeimaoyi.com

idweek2018.net

xn--w2xt74g.com

Targets

    • Target

      0d046d981573187411afcd389a76c800_JaffaCakes118

    • Size

      1.0MB

    • MD5

      0d046d981573187411afcd389a76c800

    • SHA1

      eef569f5757c293d3e5a333b181b735c3afcc70a

    • SHA256

      7f6459ace4d6259e61c8170563af8a30f25568457902f4f717c8ad17574efab6

    • SHA512

      99ee5da59e4e726fb9782457cecb19ec7cd63a234b82f8693586d764a926d77d7c3defa296e787d90dea5d9d6421fc904c9ce378c2b8c0c816d7f60077ed113c

    • SSDEEP

      24576:eGKX6d7Lq2h5HRE+HMseHLGkUeMNpCDeyQnke:egLh1sDHLs1fCN/e

    • Formbook

      Formbook is an information-stealing malware family that harvests data (such as credentials and form input) from infected hosts.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks