General

  • Target

    0efccf2448b8817b3c91eb70cb0be8ee_JaffaCakes118

  • Size

    679KB

  • Sample

    240502-tr34gacf7s

  • MD5

    0efccf2448b8817b3c91eb70cb0be8ee

  • SHA1

    6a90ab3e7b1e93616f18eca453b15c334a361985

  • SHA256

    9619240faf2829361a26d9efc70b1c03f63b342f368ec959eb31e467011196b1

  • SHA512

    faf33661d969437387a57bbec346a92b3d62f9381c742ca74c7c5c61b6e730c6e29d1a28540240b9c41dbe04e906fd39c6f6fc9696a3b86358fa6f434431c895

  • SSDEEP

    12288:nsCOryB5QNN5JIrumfugKrcvi4nWV36s8e58217hAvhar+TT8gL:sb65+JIr1uvY7WF6sT5LZ8q

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ehau

Decoy

faerdeng.com

whephe.com

annergydesigns.net

goto.chat

okefwp.promo

antonelladesarno.net

millroad-x7.net

profectus-capital.com

rakthaifestival.com

hitgeneticpupil.com

changediary.com

crossnets.com

nuvo2.com

xuongdochoigo.com

sharktankupdated.com

cliqueinherd.com

plainviewhotel.com

bobfilm-hd.com

2642harrison.com

thehandmadebow.net
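The decoy list above is the operational output of this report: Formbook carries a list of domains of which only one is the live C2, and on each beacon cycle the bot contacts several of them, decoys included, to hide the real server in the noise. A single resolution of one of these names is weak evidence (several decoys are ordinary registered sites), but one host resolving several names from the list in a short window is a strong signal. The following script, added here as an example and not part of the report or of any sandbox tooling, turns the extracted list into a DNS-log sweep. The log format (`timestamp client query`) and the log lines themselves are constructed for the example.

```python
"""Sweep a DNS query log for the Formbook decoy/C2 domains extracted above."""
from collections import defaultdict

# Values copied from the extracted config in the report above.
FAMILY, VERSION, CAMPAIGN = "formbook", "4.1", "ehau"
DECOY_DOMAINS = [
    "faerdeng.com", "whephe.com", "annergydesigns.net", "goto.chat",
    "okefwp.promo", "antonelladesarno.net", "millroad-x7.net",
    "profectus-capital.com", "rakthaifestival.com", "hitgeneticpupil.com",
    "changediary.com", "crossnets.com", "nuvo2.com", "xuongdochoigo.com",
    "sharktankupdated.com", "cliqueinherd.com", "plainviewhotel.com",
    "bobfilm-hd.com", "2642harrison.com", "thehandmadebow.net",
]

# Constructed sample log (not from the report): "<timestamp> <client ip> <queried name>".
# The last line is a look-alike that must NOT match (suffix check needs the dot).
SAMPLE_DNS_LOG = """\
2024-05-02T12:00:01Z 10.0.0.21 login.microsoftonline.com
2024-05-02T12:00:04Z 10.0.0.21 www.whephe.com
2024-05-02T12:00:05Z 10.0.0.21 goto.chat
2024-05-02T12:00:06Z 10.0.0.33 update.example.org
2024-05-02T12:00:09Z 10.0.0.21 MILLROAD-X7.NET.
2024-05-02T12:00:11Z 10.0.0.47 notwhephe.com
"""


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so resolver variants compare equal."""
    return name.rstrip(".").lower()


def match_ioc(qname: str, domains=DECOY_DOMAINS):
    """Return the IOC domain that qname equals or is a subdomain of, else None."""
    q = normalize(qname)
    for d in domains:
        d = normalize(d)
        if q == d or q.endswith("." + d):
            return d
    return None


def scan_dns_log(text: str, domains=DECOY_DOMAINS):
    """Return (client, matched_ioc, queried_name) for every matching log line."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip blank or malformed lines
            continue
        _ts, client, qname = parts
        ioc = match_ioc(qname, domains)
        if ioc is not None:
            hits.append((client, ioc, normalize(qname)))
    return hits


def clients_over_threshold(hits, min_distinct=2):
    """Clients that touched at least min_distinct different IOC domains.

    Formbook walks several entries of its list per beacon cycle, so a host
    hitting multiple distinct names is far more suspicious than a single hit.
    """
    per_client = defaultdict(set)
    for client, ioc, _q in hits:
        per_client[client].add(ioc)
    return sorted(c for c, s in per_client.items() if len(s) >= min_distinct)


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG)
    for client, ioc, qname in found:
        print(f"{client} -> {qname} (IOC: {ioc})")
    print("likely infected:", clients_over_threshold(found))
```

Run against real resolver or Zeek `dns.log` exports by adapting the three-field split; keep the threshold logic, since single-domain hits against this list will include benign traffic to the decoys.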

Targets

    • Target

      0efccf2448b8817b3c91eb70cb0be8ee_JaffaCakes118

    • Size

      679KB

    • Formbook

      Formbook is an information stealer: it logs keystrokes, captures clipboard contents and screenshots, grabs credentials and form data from browsers and mail clients, and can download and run further payloads. It injects into a legitimate process and beacons to a list of domains of which only one is the live C2, the rest being decoys.

    • Formbook payload

    • Drops startup file

    • Suspicious use of SetThreadContext
