General

  • Target

    22c773d478e58709306d15cc86c6097e_JaffaCakes118

  • Size

    652KB

  • Sample

    240508-crxs1sgb27

  • MD5

    22c773d478e58709306d15cc86c6097e

  • SHA1

    aead34495b9fbb8c64d63524f0e2b127fecea6a1

  • SHA256

    19dea1877949b3d0b99cf91fdd68e376fbc74d25fc914ce497f00ca0ecff77ce

  • SHA512

    04081f064603023edfd1da35de6ba0d7a662078ea456a0708a9df247710921a5a28a496ff9a2492ce369664b15b8fc26d405e471b5cee178e8b1c4663f3c824c

  • SSDEEP

    6144:T75yLTtJ12bxs/2Mbavm/cSNTgSRgR0QdSdfslVOU6an295l5fDTWSnLGHIVifW6:TiT8tM0mUeTaGQdnUjU+TfvWSgfW4p

Malware Config

Extracted

  • Family

    formbook

  • Version

    3.9

  • Campaign

    h9s

  • Decoy

    domidu.com
    twelvei.com
    palchecker.com
    onariart.com
    thescarfhut.com
    alimotorsandbikes.com
    brianneamira.com
    tabwindow.com
    babybabymom.com
    howtostartanllcbusiness.com
    cjaiou.com
    californiamentoring.com
    21millionbits.com
    metgranite.com
    ujphy.com
    8eves.com
    backstorysongs.com
    www835234.com
    szshijia.com
    alquimarket.com

Targets

    • Target

      Doc53436.exe

    • Size

      592KB

    • MD5

      0a97fae0860363de54832184dfd95952

    • SHA1

      b7169157062c6e27c3b093e70e7e88fe72a35d36

    • SHA256

      9f7c3f92efbdaec249b532ceb5f3d3e310c7142b7d327fb6f73fc6899781e59d

    • SHA512

      2900967160a6b3e7749281700031bd4f3869391ed52a35218a51fd926fce21076376458fd20a193b8672e10b803e4b821b1939708c9670e1588bfe259168ff6f

    • SSDEEP

      6144:175yLTtJ12bxs/2Mbavm/cSNTgSRgR0QdSdfslVOU6an295l5fDTWSnLGHIVifW6:1iT8tM0mUeTaGQdnUjU+TfvWSgfW4p

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Adds policy Run key to start application

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks