General

  • Target

    0ea74d1286663cd2c3c1840403c7f154_JaffaCakes118

  • Size

    573KB

  • Sample

    240502-qx9xescb44

  • MD5

    0ea74d1286663cd2c3c1840403c7f154

  • SHA1

    6067e1e3622e43564953c18d166aca728ea89c88

  • SHA256

    40f90f1d2d2296753550fd3a60e2dcd0cb068fe1da3fe7b29e54e2da79ffdfe1

  • SHA512

    dcd0279795962be311aa396864ae04f17e820119d3b17f02f40c2b40f78388c4b77ed720602f8b7e537fb6ce45ce8ddd0e3aa26476831f5adb7c5c19846dfdb8

  • SSDEEP

    12288:h2MFUTY5IypXQh8MRttHYma5qiyiUC4DXE+R6lWS++r:QMYFh8MRttHZQys8XWWSRr

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cda

Decoy

vocdzt.com

leonardogacitua.com

memotorsportcoupling.com

askthetravelgateway.com

zy8599.com

motolujosrayo.info

ourshotsdostuff.com

freddiesplaypad.com

cuckdorsey.com

csmlisting.com

healthearizona.plus

oilyusa.com

paintprotectionfilmguys.com

allthingsempath.science

gulmed.club

christiansingles-app.com

meliemelsdecor.com

originalgamerwear.com

sexybet333.com

theejuly.com
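The extracted configuration above is the actionable part of this report. The following is an added example, not part of the sandbox output, that turns the family, version, campaign and decoy list into a DNS watchlist, runs it over a few constructed resolver log lines (the `ts client= query= type=` format is invented for the example), and verifies a byte string against the sample's SHA256. Formbook beacons to every domain in its list, decoys included, so each entry is a usable network indicator, although several distinct hits from one host is stronger evidence than a single lookup.

```python
import hashlib
import re

# Config values copied from the report; everything else here is constructed for the example.
FORMBOOK_CONFIG = {
    "family": "formbook", "version": "4.1", "campaign": "cda",
    "decoy": [
        "vocdzt.com", "leonardogacitua.com", "memotorsportcoupling.com", "askthetravelgateway.com",
        "zy8599.com", "motolujosrayo.info", "ourshotsdostuff.com", "freddiesplaypad.com",
        "cuckdorsey.com", "csmlisting.com", "healthearizona.plus", "oilyusa.com",
        "paintprotectionfilmguys.com", "allthingsempath.science", "gulmed.club",
        "christiansingles-app.com", "meliemelsdecor.com", "originalgamerwear.com",
        "sexybet333.com", "theejuly.com",
    ],
}
SAMPLE_SHA256 = "40f90f1d2d2296753550fd3a60e2dcd0cb068fe1da3fe7b29e54e2da79ffdfe1"

# Constructed resolver log in a hypothetical format; one line is deliberately malformed.
DNS_LOG = """\
2024-05-02T10:15:03Z client=10.0.0.12 query=www.vocdzt.com type=A
2024-05-02T10:15:04Z client=10.0.0.12 query=leonardogacitua.com type=A
2024-05-02T10:15:09Z client=10.0.0.31 query=login.microsoftonline.com type=A
2024-05-02T10:15:11Z client=10.0.0.12 query=ZY8599.COM. type=A
2024-05-02T10:15:12Z client=10.0.0.40 query=notvocdzt.com type=A
this line is malformed and must be skipped
""".splitlines()

DNS_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<query>\S+)\s+type=(?P<qtype>\S+)$"
)


def normalize_domain(name):
    """Lower-case and drop a trailing dot (FQDN form) so set lookups are exact."""
    return name.strip().strip(".").lower()


def build_indicator_set(config):
    """Every domain in the config goes on the watchlist: the sample contacts decoys too."""
    return {normalize_domain(d) for d in config["decoy"]}


def domain_matches(fqdn, indicators):
    """Return the indicator that fqdn equals or is a subdomain of, else None.
    Walks label by label so 'www.vocdzt.com' hits 'vocdzt.com' but 'notvocdzt.com' does not."""
    labels = normalize_domain(fqdn).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def scan_dns_log(lines, indicators):
    """Parse each line and return the queries that hit the watchlist; skip malformed lines."""
    hits = []
    for line in lines:
        m = DNS_LOG_RE.match(line.strip())
        if not m:
            continue
        matched = domain_matches(m.group("query"), indicators)
        if matched:
            hits.append({"ts": m.group("ts"), "client": m.group("client"),
                         "query": normalize_domain(m.group("query")), "indicator": matched})
    return hits


def hosts_to_triage(hits, min_distinct=2):
    """Clients that queried at least min_distinct watchlisted domains. Formbook walks its
    whole list, so repeated distinct hits from one host outweigh a single lookup."""
    seen = {}
    for h in hits:
        seen.setdefault(h["client"], set()).add(h["indicator"])
    return sorted(c for c, d in seen.items() if len(d) >= min_distinct)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def matches_sample_hash(data):
    """Identity check against the report's SHA256 (not MD5, for which collisions are practical)."""
    return sha256_hex(data) == SAMPLE_SHA256


if __name__ == "__main__":
    watchlist = build_indicator_set(FORMBOOK_CONFIG)
    hits = scan_dns_log(DNS_LOG, watchlist)
    for h in hits:
        print(f"{h['ts']} {h['client']} {h['query']} -> {h['indicator']}")
    print("hosts to triage:", hosts_to_triage(hits))
```

Feed real resolver logs through `scan_dns_log` after adapting `DNS_LOG_RE` to their format; the suffix walk in `domain_matches` is what keeps look-alike names such as `notvocdzt.com` from producing false hits.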

Targets

    • Target

      0ea74d1286663cd2c3c1840403c7f154_JaffaCakes118

    • Size

      573KB

    • MD5

      0ea74d1286663cd2c3c1840403c7f154

    • SHA1

      6067e1e3622e43564953c18d166aca728ea89c88

    • SHA256

      40f90f1d2d2296753550fd3a60e2dcd0cb068fe1da3fe7b29e54e2da79ffdfe1

    • SHA512

      dcd0279795962be311aa396864ae04f17e820119d3b17f02f40c2b40f78388c4b77ed720602f8b7e537fb6ce45ce8ddd0e3aa26476831f5adb7c5c19846dfdb8

    • SSDEEP

      12288:h2MFUTY5IypXQh8MRttHYma5qiyiUC4DXE+R6lWS++r:QMYFh8MRttHZQys8XWWSRr

    • Formbook

      Formbook is an information-stealing malware family: it logs keystrokes, grabs credentials and form data from browsers and mail clients, and exfiltrates them to its command-and-control server.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the payload does not run in excluded regions.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks