General

  • Target

    0d9f4cfd7e9832130b6354a6a388c164_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240502-f4lhashh9w

  • MD5

    0d9f4cfd7e9832130b6354a6a388c164

  • SHA1

    adc78c9d2d1fdd5c87d7df22ee980471dbcd74f9

  • SHA256

    7c3dcebffb8897039b6c9d722cfb553e06035a8e51c2c978cc0e38faf59c4c18

  • SHA512

    ee1c1f63473a8c21c85fbb2f07368739bc5b7fc2a35ce26f66a7f1d82e871dba5c576a3504ed117e6299db655b1cd9215d43082016f7a2fee35e9fc7df268a54

  • SSDEEP

    24576:/d8xg1PEqUoBicvoGAiTIDVvZbx+7p3+tq/hafC8Uq:F8xg1sqUoBiHhVZbxqFQK8U

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

hx200

Decoy

noithatmyanh.com

agrimarineholdings.com

flapbrushes.com

wealthdragons.media

009ee.com

beautyindustrybadass.com

dg-ea.com

chewblaserwedding.com

shadesofaquarius.com

kitnekaa.net

0m2fourlook.men

xequangninh.com

respirosciamanico.com

china8315.com

jwvkur.com

fv520.com

xdrinkx.com

zxcvxcv.com

zheyongtools.com

123eela.com

Targets

    • Target

      0d9f4cfd7e9832130b6354a6a388c164_JaffaCakes118

    • Size

      1.1MB

    • MD5

      0d9f4cfd7e9832130b6354a6a388c164

    • SHA1

      adc78c9d2d1fdd5c87d7df22ee980471dbcd74f9

    • SHA256

      7c3dcebffb8897039b6c9d722cfb553e06035a8e51c2c978cc0e38faf59c4c18

    • SHA512

      ee1c1f63473a8c21c85fbb2f07368739bc5b7fc2a35ce26f66a7f1d82e871dba5c576a3504ed117e6299db655b1cd9215d43082016f7a2fee35e9fc7df268a54

    • SSDEEP

      24576:/d8xg1PEqUoBicvoGAiTIDVvZbx+7p3+tq/hafC8Uq:F8xg1sqUoBiHhVZbxqFQK8U

    • Formbook

      Formbook is an information-stealing malware family that captures keystrokes, clipboard contents and form data from browsers and other applications on the infected host.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
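The report publishes four file digests and the 20 domains extracted from the sample's Formbook configuration. Formbook configurations mix a small number of live C2 domains with decoys, many of them legitimate sites, so a DNS lookup of one of these domains is a lead to investigate, not a block decision on its own. The script below is an added example and is not part of the sandbox report: it embeds the hashes and domain list from this page, computes the same four digests of a candidate file to confirm it is the identical sample, and scans DNS query logs for the config domains, including their subdomains. The log format and the sample log lines are constructed for illustration.

```python
# Added triage helper, not part of the sandbox report. Checks a candidate file
# against the report's digests and scans DNS query logs for the Formbook
# config domains. The DNS log format and sample lines below are constructed.
import hashlib
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Digests published in the report for 0d9f4cfd7e9832130b6354a6a388c164_JaffaCakes118.
REPORT_HASHES: Dict[str, str] = {
    "md5": "0d9f4cfd7e9832130b6354a6a388c164",
    "sha1": "adc78c9d2d1fdd5c87d7df22ee980471dbcd74f9",
    "sha256": "7c3dcebffb8897039b6c9d722cfb553e06035a8e51c2c978cc0e38faf59c4c18",
    "sha512": "ee1c1f63473a8c21c85fbb2f07368739bc5b7fc2a35ce26f66a7f1d82e871dba"
              "5c576a3504ed117e6299db655b1cd9215d43082016f7a2fee35e9fc7df268a54",
}

# Domains extracted from the sample's Formbook config (campaign hx200). Formbook
# mixes live C2 with decoy domains, so these are investigation leads, not a blocklist.
FORMBOOK_CONFIG_DOMAINS: Tuple[str, ...] = (
    "noithatmyanh.com", "agrimarineholdings.com", "flapbrushes.com",
    "wealthdragons.media", "009ee.com", "beautyindustrybadass.com",
    "dg-ea.com", "chewblaserwedding.com", "shadesofaquarius.com",
    "kitnekaa.net", "0m2fourlook.men", "xequangninh.com",
    "respirosciamanico.com", "china8315.com", "jwvkur.com", "fv520.com",
    "xdrinkx.com", "zxcvxcv.com", "zheyongtools.com", "123eela.com",
)


def file_hashes(data: bytes) -> Dict[str, str]:
    """Return the four digests the report lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(hashes: Dict[str, str]) -> bool:
    """True only when every digest agrees with the report.

    A repacked or patched build matches none of them, so a single mismatch
    means you are looking at a different file, not a near variant.
    """
    return all(hashes.get(k, "").lower() == v for k, v in REPORT_HASHES.items())


def config_domain_for(qname: str) -> Optional[str]:
    """Return the config domain that qname equals or is a subdomain of, else None."""
    q = qname.lower().rstrip(".")  # tolerate a trailing dot from FQDN-style loggers
    for dom in FORMBOOK_CONFIG_DOMAINS:
        if q == dom or q.endswith("." + dom):
            return dom
    return None


# Constructed log format (hypothetical): "<ts> host=<name> qname=<domain> qtype=<type>"
_LOG_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) qname=(?P<qname>\S+)")


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, host, queried name, matched config domain) for each hit."""
    hits: List[Tuple[str, str, str, str]] = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        dom = config_domain_for(m["qname"])
        if dom is not None:
            hits.append((m["ts"], m["host"], m["qname"], dom))
    return hits


# Constructed sample log lines; "notflapbrushes.com" shows that matching is on
# whole labels, so a look-alike domain does not produce a false hit.
SAMPLE_DNS_LOG = """\
2024-05-02T07:10:01Z host=WS-17 qname=www.flapbrushes.com qtype=A
2024-05-02T07:10:02Z host=WS-17 qname=update.microsoft.com qtype=A
2024-05-02T07:10:05Z host=WS-22 qname=notflapbrushes.com qtype=A
2024-05-02T07:10:09Z host=WS-17 qname=0m2fourlook.men. qtype=A
""".splitlines()


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:  # optional: path of a file to compare with the report
        with open(sys.argv[1], "rb") as fh:
            print("identical to reported sample:", matches_report(file_hashes(fh.read())))
    for ts, host, qname, dom in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {host} queried {qname} (Formbook hx200 config domain {dom}); "
              "investigate the host, do not auto-block the domain")
```

Run it with a file path to compare that file's digests with the report; without arguments it only scans the embedded sample log. Hosts that resolve several of these domains in a short window are the strong signal, since a Formbook payload walks its config list, whereas a single hit on one domain may be ordinary traffic to a decoy that is a real site.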

MITRE ATT&CK Enterprise v15

Tasks