General

  • Target: 1e96b55fdd95824b3f3c5f2156be44c5_JaffaCakes118
  • Size: 1.2MB
  • Sample: 240506-2h9hwsec81
  • MD5: 1e96b55fdd95824b3f3c5f2156be44c5
  • SHA1: 5ec468430b06c8a3c43f8ee20fb8a1ef5e41241f
  • SHA256: caf8a53c2a1bbc6169474702cd71a047176f4e4c78244e2a1c2a82352ca97c25
  • SHA512: e4f6aa43af7ccef63549438e514260c3d4381119c3a5f0991c23e91117803eb69072e8ad99afe3a3d5b638ffacc8ba35eefd688ba379dfcc2392731cb9b53a54
  • SSDEEP: 12288:oFpvKqiiQwvG9a9xl4JQ5+xa+3Ao1QdiLD/XG:CpvzQO9fMQ54azo1QALbG

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: hx232
  • Decoy domains:
    kcmjdgf.com
    live2attain.com
    constellationgalaxy.com
    anyandallpodcasts.com
    ahsapfuarstandi.com
    apoif.com
    jointeambrandyn.com
    thelifeof2kand1q.com
    zhmzwhy.com
    ilovefloattanks.com
    thirdeyeproductionstep.com
    karasing.online
    bpyvyx.online
    dingdingjiaoche.com
    mrotcl.net
    chargetimely.com
    meesthetic.com
    absence.ltd
    zj-training.com
    gzgpc07.com

Targets

    • Formbook: Formbook is a data-stealing malware family.
    • Formbook payload
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
