General

  • Target

    16b37e1c485c94e3d1250e878d393b1f_JaffaCakes118

  • Size

    737KB

  • Sample

    240505-jrrqbsbf7v

  • MD5

    16b37e1c485c94e3d1250e878d393b1f

  • SHA1

    29686051a447d45294c79e8b150c484b9d5df412

  • SHA256

    359440df1e4a2a524982d61b525e45aee7c32bf267a634c2ae150ebf88e9e646

  • SHA512

    24b49bbc13d39586c19116534ef833191761618e8fde0cf1b0eecf32a8d6caf1cd8e631f26c5769a447c8d6fabb6bfe17174bc1ce0612fb4765e536748eaed6c

  • SSDEEP

    12288:r/c6xTgK8nyl7B3ubmmFuzKb7LSKQ2KfKH/A7qg+esTCm:7lmKN3Am34Sl2kq/AQ2m

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

a1

Decoy

imissalis.com

quratedcollection2017.com

sbb120.com

023xykj.com

yurdental.com

pinnaclementors.com

gettingbeeshome.com

culturalytics.com

projectsweatexperience.com

lyljk.com

lamaketang.com

sosaclean.com

justcallhome.net

showdeofertasnet.com

laruta93.com

want-to.date

htxconstructionconsulting.com

orangegroupcr.com

nguyenquyetdinh.com

ghostmonarch.com
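
The decoy list above is the most useful hunting artifact in this report. Formbook beacons to every domain in its config, with the real C2 hidden among the decoys, and many decoys are ordinary sites, so a single lookup of one of them is weak evidence and blocking them one by one causes false positives. A host touching several of them inside a few minutes is a much stronger signal. The following is an added example (not part of the sandbox report) that runs that cluster check over DNS log lines; the log format and the log lines are constructed here, the domain list is taken from the extracted config.

```python
"""Cluster detection for Formbook decoy-domain beaconing (added example).

Flags any client that queries several of the configured decoy domains inside
one time window. The DNS log format and lines are constructed for this
example; the domain list is the one extracted from the sample's config.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy domains from the extracted config (family formbook, campaign a1).
DECOY_DOMAINS = {
    "imissalis.com", "quratedcollection2017.com", "sbb120.com", "023xykj.com",
    "yurdental.com", "pinnaclementors.com", "gettingbeeshome.com",
    "culturalytics.com", "projectsweatexperience.com", "lyljk.com",
    "lamaketang.com", "sosaclean.com", "justcallhome.net",
    "showdeofertasnet.com", "laruta93.com", "want-to.date",
    "htxconstructionconsulting.com", "orangegroupcr.com",
    "nguyenquyetdinh.com", "ghostmonarch.com",
}

# Constructed log: "<ISO-8601 timestamp> <client ip> <queried name>" per line.
# 10.0.0.14 hits five decoys in 18 seconds; 10.0.0.22 hits two, hours apart.
SAMPLE_DNS_LOG = """\
2024-05-05T09:41:02 10.0.0.14 www.imissalis.com
2024-05-05T09:41:05 10.0.0.14 www.sbb120.com
2024-05-05T09:41:09 10.0.0.14 www.yurdental.com
2024-05-05T09:41:15 10.0.0.14 www.lyljk.com
2024-05-05T09:41:20 10.0.0.14 www.want-to.date
2024-05-05T09:55:00 10.0.0.22 mail.example.com
2024-05-05T10:10:00 10.0.0.22 www.culturalytics.com
2024-05-05T12:30:00 10.0.0.22 www.ghostmonarch.com
"""


def decoy_match(qname: str) -> str:
    """Return the configured decoy that `qname` falls under, else ''.

    Matches on label suffixes so a host label in front of the configured
    domain ("www.sbb120.com" -> "sbb120.com") still matches.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in DECOY_DOMAINS:
            return suffix
    return ""


def parse_dns_line(line: str):
    ts, client, qname = line.split()
    return datetime.fromisoformat(ts), client, qname


def find_decoy_clusters(log_text: str, window=timedelta(minutes=10), threshold=3):
    """Return {client: sorted decoy list} for every client that queried at
    least `threshold` distinct decoy domains inside one `window`."""
    hits = defaultdict(list)  # client -> [(timestamp, decoy domain)]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = parse_dns_line(line)
        decoy = decoy_match(qname)
        if decoy:
            hits[client].append((ts, decoy))

    flagged = {}
    for client, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct decoys seen from this event to the end of the window.
            seen = {d for t, d in events[i:] if t - start <= window}
            if len(seen) >= threshold:
                flagged[client] = sorted(seen)
                break
    return flagged


if __name__ == "__main__":
    for client, decoys in find_decoy_clusters(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(decoys)} decoy domains in one window: {', '.join(decoys)}")
```

Tune `window` and `threshold` to the environment: the implant's beacon interval decides how tight the window can be, and the threshold should stay above the number of decoys a normal user could plausibly browse by chance.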

Targets

    • Target

      16b37e1c485c94e3d1250e878d393b1f_JaffaCakes118

    • Size

      737KB

    • MD5

      16b37e1c485c94e3d1250e878d393b1f

    • SHA1

      29686051a447d45294c79e8b150c484b9d5df412

    • SHA256

      359440df1e4a2a524982d61b525e45aee7c32bf267a634c2ae150ebf88e9e646

    • SHA512

      24b49bbc13d39586c19116534ef833191761618e8fde0cf1b0eecf32a8d6caf1cd8e631f26c5769a447c8d6fabb6bfe17174bc1ce0612fb4765e536748eaed6c

    • SSDEEP

      12288:r/c6xTgK8nyl7B3ubmmFuzKb7LSKQ2KfKH/A7qg+esTCm:7lmKN3Am34Sl2kq/AQ2m

    • Formbook

      Formbook is an information stealer: it grabs submitted web-form data and stored browser and mail-client credentials, logs keystrokes and clipboard contents, takes screenshots, and exfiltrates the results to its C2, which it hides among the decoy domains listed in its config.

    • Formbook payload

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register set, including its instruction pointer. Outside debuggers it is mostly seen when a process writes a payload into a suspended child and redirects that child's main thread to it (process hollowing / injection), which is how Formbook runs its payload inside a legitimate process.
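
The signature fires on one API call, but what an analyst actually wants to confirm is the sequence around it: a child created suspended, memory written into it, its thread context replaced, and the thread resumed. The following added example (not the sandbox's own detection logic) checks a per-call trace for that ordered sequence. The trace format and the trace lines are constructed for this example; real sandbox API logs look different and would need their own parser.

```python
"""Ordered-sequence check for process hollowing (added example).

Walks a constructed per-call trace ("<pid> <api> key=value ...") and reports
parents that created a suspended child, wrote into it, replaced its thread
context and resumed it, in that order. A SetThreadContext with no prior write
into the child, as a debugger might do, is not reported.
"""

# Stages that must appear in this order for one (parent, child) pair.
HOLLOWING_SEQUENCE = ["CreateProcess", "WriteProcessMemory",
                      "SetThreadContext", "ResumeThread"]
CREATE_SUSPENDED = 0x4  # dwCreationFlags bit

# Constructed trace. 1234 hollows svchost.exe; 9999 starts notepad normally;
# 7777 creates cmd.exe suspended and resumes it without writing a payload.
SAMPLE_TRACE = """\
1234 CreateProcess image=C:\\Windows\\System32\\svchost.exe flags=0x4 child=5678
1234 NtUnmapViewOfSection pid=5678
1234 VirtualAllocEx pid=5678 size=0x2a000 protect=0x40
1234 WriteProcessMemory pid=5678 size=0x2a000
1234 GetThreadContext pid=5678
1234 SetThreadContext pid=5678
1234 ResumeThread pid=5678
9999 CreateProcess image=C:\\Windows\\notepad.exe flags=0x0 child=4321
9999 ResumeThread pid=4321
7777 CreateProcess image=C:\\Windows\\System32\\cmd.exe flags=0x4 child=8888
7777 SetThreadContext pid=8888
7777 ResumeThread pid=8888
"""


def parse_trace(text: str):
    """Yield (caller pid, api name, {arg: value}) per non-empty trace line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, *kv = line.split()
        yield int(pid), api, dict(p.split("=", 1) for p in kv)


def find_process_hollowing(trace_text: str):
    """Return [(parent_pid, child_pid, child_image)] for each completed
    CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory ->
    SetThreadContext -> ResumeThread chain against the same child."""
    tracked = {}  # child pid -> {"parent", "image", "stage"}
    findings = []
    for pid, api, args in parse_trace(trace_text):
        if api == "CreateProcess":
            if int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
                tracked[int(args["child"])] = {
                    "parent": pid, "image": args.get("image", "?"), "stage": 1}
            continue
        child = int(args.get("pid", -1))
        state = tracked.get(child)
        if state is None or state["parent"] != pid:
            continue  # not a suspended child of this caller
        if api == HOLLOWING_SEQUENCE[state["stage"]]:
            state["stage"] += 1
            if state["stage"] == len(HOLLOWING_SEQUENCE):
                findings.append((pid, child, state["image"]))
                del tracked[child]
    return findings


if __name__ == "__main__":
    for parent, child, image in find_process_hollowing(SAMPLE_TRACE):
        print(f"pid {parent} hollowed pid {child} ({image})")
```

Requiring the full ordered chain rather than any single call is what separates hollowing from legitimate CREATE_SUSPENDED use; in a real trace you would also want to record the written region and the new instruction pointer so the injected image can be dumped.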

MITRE ATT&CK Enterprise v15

Tasks