General

  • Target

    115ac163b96548eba530675c351bb27c_JaffaCakes118

  • Size

    276KB

  • Sample

    240504-dw8lrabh7v

  • MD5

    115ac163b96548eba530675c351bb27c

  • SHA1

    fff4a29cfcb9d9dc0ca19981a8ec3e47cd22880b

  • SHA256

    58182cbb334d50f9758cd669ead059ddd8902fe0902bc8e3a9b5d9ad21906a0d

  • SHA512

    f79fd2b02a15c6e84acc3a3498ff2389aaa8fe61cf116c61b58d37379156f28887018a23e07a0cfcf59f9b95650887dddc29fa41dedbe1e6aa377976abbccb67

  • SSDEEP

    6144:DeaV3wHul19+kXmTS12W7ryjAXIu/P70:DlaOl1AkXmINrysXIu/P70

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

r4

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks