General

  • Target

    1fc9b5094b733179f1033890c79b2e41_JaffaCakes118

  • Size

    475KB

  • Sample

    240507-hljbbsge48

  • MD5

    1fc9b5094b733179f1033890c79b2e41

  • SHA1

    3f42f46d0398ae70f3435707c849fa7b7b9c62d3

  • SHA256

    816c9d6d36399c0ef5bb8d0334ef40ba6668cd043be104a4ec3f4291ae1a4b86

  • SHA512

    851a4874baa6206fe82ba7ee43df0211810b4390d91b7c70a02673e0826b1a7131c7da9c9b98e56a227d23daeb860957a5304281040b1580332c07f1f4f4cc84

  • SSDEEP

    12288:477BeRhC1p1Cy4FkRIni8oNX9gjOxMygi2svV:ocy54FJi8IyygHu

Malware Config

Extracted

  • Family

    formbook

  • Version

    3.8

  • Campaign

    stn

  • Decoy

    Decoy domains carried in the config. Formbook sends its beacons to these alongside the real C2 so that the live server is hard to pick out from traffic alone; several of them are ordinary registered websites, so none of these names is evidence of compromise by itself.

    wlojz.com
    nrvonlineconnection.com
    miracleworldofent.com
    homeswithcherry.com
    yeye79791.com
    scshanglv.com
    webtradenetthebronx.com
    dsg-worldwide.com
    bakshibeauty.com
    17784724521.com
    broadswordsinc.com
    weekendq.com
    sfnetstu.com
    ashitsuyo.com
    9410pe.com
    bankfxrates.com
    baidumedical.com
    ripchesterfield.com
    teepakthai.com
    sabattu.com
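The decoy list above is only useful once it is matched against network telemetry, and Formbook's decoy scheme means a single query is weak evidence while one client touching several config domains in a short window is not. The following is an added example (not part of the sandbox report) that screens DNS query logs for the config domains: the domain set is copied from the report, the log lines are constructed for the example, and the "timestamp client qname" log format is an assumption.

```python
"""Screen DNS query logs for the Formbook decoy domains listed in the report.

Added example, not part of the sandbox report. The domain set is copied from
the extracted config above; the DNS log lines are constructed for this
example and the "ts client qname" format is an assumption.
"""
from __future__ import annotations

import re
from collections import defaultdict
from typing import Iterable

# Domains from the extracted Formbook v3.8 "stn" config (copied from the report).
FORMBOOK_DECOYS = frozenset({
    "wlojz.com", "nrvonlineconnection.com", "miracleworldofent.com",
    "homeswithcherry.com", "yeye79791.com", "scshanglv.com",
    "webtradenetthebronx.com", "dsg-worldwide.com", "bakshibeauty.com",
    "17784724521.com", "broadswordsinc.com", "weekendq.com", "sfnetstu.com",
    "ashitsuyo.com", "9410pe.com", "bankfxrates.com", "baidumedical.com",
    "ripchesterfield.com", "teepakthai.com", "sabattu.com",
})

# Constructed log lines: "<timestamp> <client ip> <queried name>".
SAMPLE_DNS_LOG = """\
2024-05-07T10:41:02Z 10.0.0.15 www.wlojz.com.
2024-05-07T10:41:03Z 10.0.0.15 BANKFXRATES.COM
2024-05-07T10:41:05Z 10.0.0.15 sabattu.com
2024-05-07T10:42:10Z 10.0.0.22 example.org
2024-05-07T10:42:11Z 10.0.0.22 weekendq.com
2024-05-07T10:43:00Z 10.0.0.31 notwlojz.com
"""

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot some resolvers log on FQDNs."""
    return name.strip().lower().rstrip(".")


def matching_decoy(qname: str, decoys: frozenset[str] = FORMBOOK_DECOYS) -> str | None:
    """Return the config domain that qname equals or is a subdomain of, else None.

    Walks the label suffixes ("www.wlojz.com" -> "wlojz.com" -> "com") so a
    hostname under a config domain matches but "notwlojz.com" does not.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in decoys:
            return candidate
    return None


def scan_dns_log(lines: Iterable[str]) -> list[dict[str, str]]:
    """Return one hit per log line that queried a config domain."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        decoy = matching_decoy(m["qname"])
        if decoy:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "qname": m["qname"], "decoy": decoy})
    return hits


def clients_over_threshold(hits: list[dict[str, str]], min_distinct: int = 2) -> dict[str, set[str]]:
    """Clients that queried at least min_distinct different config domains.

    Formbook beacons to several config domains in turn so the live C2 hides
    among decoys (some of which are ordinary registered sites): one query is
    weak evidence, a client touching several of them is a much stronger signal.
    """
    seen: dict[str, set[str]] = defaultdict(set)
    for h in hits:
        seen[h["client"]].add(h["decoy"])
    return {c: d for c, d in seen.items() if len(d) >= min_distinct}


if __name__ == "__main__":
    found = scan_dns_log(SAMPLE_DNS_LOG.splitlines())
    for h in found:
        print(f'{h["ts"]} {h["client"]} -> {h["qname"]} (config domain {h["decoy"]})')
    print("clients with >=2 distinct config domains:", clients_over_threshold(found))
```

Suffix matching rather than substring matching matters here: a naive `"wlojz.com" in qname` check would also fire on `notwlojz.com`, while the label walk still catches `www.wlojz.com.` with its trailing dot and mixed case.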

Targets

    • Target

      1fc9b5094b733179f1033890c79b2e41_JaffaCakes118

    • Formbook

      Formbook is an information-stealing malware family: it grabs credentials and submitted form data from browsers and mail clients, logs keystrokes and takes screenshots, and exfiltrates the results to its C2.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Formbook payload

      The unpacked Formbook code was recognised in memory; the config above is extracted from this payload.

    • Adds policy Run key to start application

      Persistence through a Run value under the Explorer policy key (Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run), which autostarts like the ordinary Run key but is checked far less often by tools and analysts.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      Overwriting another thread's context is the step by which a process-hollowing loader points a suspended child process at injected code; Formbook uses it to run inside a legitimate host process.

MITRE ATT&CK Enterprise v15

Tasks