General

  • Target

    2076f3389e743659dcb4daef802479f3_JaffaCakes118

  • Size

    412KB

  • Sample

    240507-nt3b3aha36

  • MD5

    2076f3389e743659dcb4daef802479f3

  • SHA1

    e29db627de75b18e61fcaa452b44b6609def8cb7

  • SHA256

    faf0518430f6333ff6fe2e3c51bb69cd3a1be29511aaa8b568b96945b4ff18ed

  • SHA512

    828fa0929acb64f78c46476121c2053c32ee682f812fa23f98ccd9143facba38230cd0da04bef5f81935c8791bae5605a38b05e2f45586be0ff1e3370e4b4811

  • SSDEEP

    6144:u07TDvqyS2EEBFH0WbMtg9mOYm/k+M84bCQM8475:xTDvq1C5XQq9mOr/k+M8Pd84

Malware Config

Extracted

  • Family

    formbook

  • Version

    3.9

  • Campaign

    cu

  • Decoy

    szmsdwl.com
    sansurftowntesting.rocks
    mixingtheworld.com
    jagadhribartanbhandar.com
    albanypieshop.com
    tago.ltd
    lmwellnessgroup.com
    xn--vb0bj6jvrexvt.com
    180pe.com
    1l1threecome.men
    visualgraphicarts.science
    ecofitlife.com
    kearneygeneralcontracting.com
    stmarysbandclub.info
    jinshucaijing.com
    mariahdawson.com
    tophoteluniverse.com
    yastudent.com
    fastrautoservice.com
    fslgt.com

Targets

    • Target

      2076f3389e743659dcb4daef802479f3_JaffaCakes118

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
