General

  • Target

    124f0b93c79dd5fba12c0b64eefd58aa_JaffaCakes118

  • Size

    298KB

  • Sample

    240504-mg764sbb6w

  • MD5

    124f0b93c79dd5fba12c0b64eefd58aa

  • SHA1

    ad864f5bfae0639e1dd87fc9c0965aa2744e43e6

  • SHA256

    94c8217c6ca6741440e10e50742b44835eddba76885f5867ab776b3fe6e5f8d5

  • SHA512

    c7221819d789a5bb1d0368d39ab03e05393eaa84a8ccf3df3dd4ca9a4e8dd3f535566c49ae839545e972fdaaac2a4e550f9ff31248a3d8ba0b9f4761b19ebbf6

  • SSDEEP

    6144:Muv6nLXXc26fSgwcWG/dv41lN+5FzluPpC4rqdLXS:IzcxSg3Bd+O9uPp/+1XS

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

be

Decoy

linkedinideas.com

conceptcultivation.com

jerecyclemescapsules.com

waroenginggris.com

theparentslogue.com

yitongmoney.com

zonageneral.info

theeasyindia.com

scetup.net

alqcfka.com

canadensiscannabis.com

nouveaumonde-social.com

villerai.com

7665k.com

buzzfeedam2dm.net

8358358.com

tfuidw.men

brctsrm.com

kheyul.info

brotwirsthaus.com
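The extracted configuration above is the part of this report a defender actually reuses. The following is an added example, not part of the sandbox report and not Formbook's own code: it parses the flattened Family/Version/Campaign/Decoy listing exactly as it appears on this page into a structured record, then runs the decoy domains as a watchlist over a few constructed DNS log lines (the log format and the hosts in it are assumptions made for the example, not data from the analysis). Subdomains of a listed domain count as a match; a domain that merely ends with the same characters does not.

```python
import re
from typing import Dict, List, Optional

# The "Extracted" Formbook config as it is printed on the report page.
REPORT_CONFIG = """
Family
formbook
Version
3.9
Campaign
be
Decoy
linkedinideas.com
conceptcultivation.com
jerecyclemescapsules.com
waroenginggris.com
theparentslogue.com
yitongmoney.com
zonageneral.info
theeasyindia.com
scetup.net
alqcfka.com
canadensiscannabis.com
nouveaumonde-social.com
villerai.com
7665k.com
buzzfeedam2dm.net
8358358.com
tfuidw.men
brctsrm.com
kheyul.info
brotwirsthaus.com
"""


def parse_config(text: str) -> Dict[str, object]:
    """Turn the report's flattened key/value listing into a dict.

    Family, Version and Campaign take the single line that follows them;
    Decoy collects every remaining line as one domain per line.
    """
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    cfg: Dict[str, object] = {"family": None, "version": None,
                              "campaign": None, "decoys": []}
    i = 0
    while i < len(lines):
        key = lines[i].lower()
        if key in ("family", "version", "campaign") and i + 1 < len(lines):
            cfg[key] = lines[i + 1]
            i += 2
        elif key == "decoy":
            cfg["decoys"] = [d.lower() for d in lines[i + 1:]]
            break
        else:
            i += 1
    return cfg


# Constructed DNS log lines for the example: "<timestamp> <client> query <qname>".
# This format is an assumption, not the output of any particular resolver.
DNS_LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) query (?P<qname>\S+)$")

SAMPLE_DNS_LOG: List[str] = [
    "2024-05-04T12:00:01Z 10.0.0.17 query www.example.com.",
    "2024-05-04T12:00:02Z 10.0.0.17 query www.tfuidw.men.",   # subdomain of a decoy
    "2024-05-04T12:00:03Z 10.0.0.42 query yitongmoney.com",   # exact decoy match
    "2024-05-04T12:00:04Z 10.0.0.42 query notbrctsrm.com",    # same tail, not a subdomain
]


def domain_matches(qname: str, watchlist: List[str]) -> Optional[str]:
    """Return the watchlist entry that qname equals or is a subdomain of."""
    q = qname.rstrip(".").lower()
    for d in watchlist:
        if q == d or q.endswith("." + d):
            return d
    return None


def scan_dns_log(lines: List[str], watchlist: List[str]) -> List[Dict[str, str]]:
    """Match each parsable log line against the watchlist; return the hits."""
    hits = []
    for line in lines:
        m = DNS_LOG_RE.match(line)
        if not m:
            continue
        indicator = domain_matches(m["qname"], watchlist)
        if indicator:
            hits.append({"ts": m["ts"], "src": m["src"],
                         "qname": m["qname"], "indicator": indicator})
    return hits


if __name__ == "__main__":
    config = parse_config(REPORT_CONFIG)
    print(config["family"], config["version"], "campaign", config["campaign"],
          len(config["decoys"]), "domains")
    for hit in scan_dns_log(SAMPLE_DNS_LOG, config["decoys"]):
        print(hit)
```

Treat a hit as a lead rather than a verdict: a Formbook configuration bundles one real command-and-control domain with many decoys, and the decoys are often unrelated live or parked sites, so a single query to one of them from a host is weak evidence on its own. A host that resolves several entries from this list within a short window is the pattern worth escalating, and the campaign tag ("be") lets you tie such sightings back to this configuration.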

Targets

    • Target

      124f0b93c79dd5fba12c0b64eefd58aa_JaffaCakes118

    • Size

      298KB

    • MD5

      124f0b93c79dd5fba12c0b64eefd58aa

    • SHA1

      ad864f5bfae0639e1dd87fc9c0965aa2744e43e6

    • SHA256

      94c8217c6ca6741440e10e50742b44835eddba76885f5867ab776b3fe6e5f8d5

    • SHA512

      c7221819d789a5bb1d0368d39ab03e05393eaa84a8ccf3df3dd4ca9a4e8dd3f535566c49ae839545e972fdaaac2a4e550f9ff31248a3d8ba0b9f4761b19ebbf6

    • SSDEEP

      6144:Muv6nLXXc26fSgwcWG/dv41lN+5FzluPpC4rqdLXS:IzcxSg3Bd+O9uPp/+1XS

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials, keystrokes and form data from web browsers and other applications and sends them to its command-and-control server.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks