General

  • Target: 0d9bd0f59b95665c8fe489eb4820170e_JaffaCakes118
  • Size: 973KB
  • Sample: 240502-fz8r2ahg9v
  • MD5: 0d9bd0f59b95665c8fe489eb4820170e
  • SHA1: bca9ea90c613234781864b13ad55b2c934243006
  • SHA256: 0726c496197a811600f47763681600e872218602c04a6646c7d7ef67ea1ca48f
  • SHA512: 3d719d3ed9996a751475ed2327812aa7e17b62f879a131330aece91f7c893ffe39fe565ad0b841af6d1fc6e0fc816e78c2d2ae6d81dd67c4b4f1ec96e5fa7bd5
  • SSDEEP: 12288:BOkBSWyhJEwYQZk6eqphpau3dP7AXC4bQqUwGeWTvFnr1Vu0qX8PytoWy2SGFj:IiSzviQZk6eqFJUCMG7drS0qX8Pytoi

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: nie7
  • Decoy domains:
      inducare.biz
      simulists.com
      nokiapit.com
      docampaign.win
      locandabrasserie.com
      185aa7.com
      xuanhua1688.net
      starksesq.com
      mystuve.com
      osakuri.com
      zero-given.com
      thediudiu.com
      gaulinimmo.com
      maxraise.com
      tonus-conseil.com
      10dianpp.com
      coincher.com
      swatt.win
      sittu.info
      audioexperiencedesign.com

Targets

    • Target: 0d9bd0f59b95665c8fe489eb4820170e_JaffaCakes118
    • Size: 973KB
    • MD5: 0d9bd0f59b95665c8fe489eb4820170e
    • SHA1: bca9ea90c613234781864b13ad55b2c934243006
    • SHA256: 0726c496197a811600f47763681600e872218602c04a6646c7d7ef67ea1ca48f
    • SHA512: 3d719d3ed9996a751475ed2327812aa7e17b62f879a131330aece91f7c893ffe39fe565ad0b841af6d1fc6e0fc816e78c2d2ae6d81dd67c4b4f1ec96e5fa7bd5
    • SSDEEP: 12288:BOkBSWyhJEwYQZk6eqphpau3dP7AXC4bQqUwGeWTvFnr1Vu0qX8PytoWy2SGFj:IiSzviQZk6eqFJUCMG7drS0qX8Pytoi

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks