General

  • Target

    19a022e9ee73b56285fa5265b24006ec_JaffaCakes118

  • Size

    324KB

  • Sample

    240505-254k6aca73

  • MD5

    19a022e9ee73b56285fa5265b24006ec

  • SHA1

    51a4cfb3a1f13996ad368279264861c5636a45be

  • SHA256

    91e041ff14916fd2d84ca5413a2f639d388933fdd43b537394323934b22eb7c6

  • SHA512

    fcb7586dbcf98ce809d060f0f09e0d2e281b12335480e424fc21e6c464d3d04149e8f4a722ef5c3effcedb6d753222ae16c5bffb22c370c279516f286b612f80

  • SSDEEP

    6144:QY82zbT1zASv7iuOfC0bZ78qIZJ0umY2rGd7Bw:h9ESvj0d7t0J0uQGdF

Malware Config

Extracted

  • Family

    formbook

  • Version

    3.8

  • Campaign

    hx341

  • Decoy


Targets


    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks