General

  • Target

    23dc2a640442410ae6c23a73c2e2ae52_JaffaCakes118

  • Size

    448KB

  • Sample

    240508-jjgv6ahg7w

  • MD5

    23dc2a640442410ae6c23a73c2e2ae52

  • SHA1

    9933e0318d92fd2759068df828158e59035310c6

  • SHA256

    bccde349905fcc2c6c393e3f8664d37e640fbd8ec43fbdf47ab899fe8b443344

  • SHA512

    feb7bc136c8d08ac370f51e55b63a0fb595f59521fea3fc00eb2e7742e8368b26ecf1363d8030e96552333f7252e5f0ce6e6fec7b88e1c99caa3c59776d92a46

  • SSDEEP

    6144:kKUuubOrWe8ohBkSxZKx95h2ktgZHcNOEcG5WpJvpc22:kUuGmohBdKz5h2kO8cVGMpJRM

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

ts

Decoy

tablenook.com

referenceyouraccount.com

google-adw.site

xiangyu0769.com

arvoliittaa-nouwakasaitama.com

www473234.com

oneudy.com

vleku.com

beyonnc.com

aguirre.solutions

51hdz.com

pipe.ventures

productandconcept.com

comprar-ahora.com

migraineproject.com

tinder-match.express

itacruisebig.live

cryptostrength.com

61999w.com

makits.net
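The decoy list above is the actionable part of the extracted config: Formbook contacts its decoy domains as well as the real C2 to blend in, so every domain in the list is a usable network indicator. The following is an added example, not part of the sandbox report, that turns the list into a watch list, matches constructed DNS and proxy log lines against it with label-aware suffix matching (so `nottablenook.com` and `tablenook.com.attacker.test` do not count as hits), and emits one Suricata `dns.query` rule per domain. The log lines and the rule SID range are constructed for the demo.

```python
"""Added example, not part of the sandbox report: build a watch list from the
extracted Formbook decoy domains, scan constructed log lines against it and
emit Suricata DNS rules."""
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# The decoy domains exactly as the report's extracted config lists them.
DECOY_DOMAINS = (
    "tablenook.com", "referenceyouraccount.com", "google-adw.site",
    "xiangyu0769.com", "arvoliittaa-nouwakasaitama.com", "www473234.com",
    "oneudy.com", "vleku.com", "beyonnc.com", "aguirre.solutions",
    "51hdz.com", "pipe.ventures", "productandconcept.com", "comprar-ahora.com",
    "migraineproject.com", "tinder-match.express", "itacruisebig.live",
    "cryptostrength.com", "61999w.com", "makits.net",
)

# Constructed log lines for the demo; this is not captured traffic.
SAMPLE_LOGS = [
    "2024-05-08T12:00:01Z 10.0.0.5 DNS A www.tablenook.com",
    "2024-05-08T12:00:02Z 10.0.0.5 DNS A www.example.org",
    "2024-05-08T12:00:03Z 10.0.0.5 HTTP GET http://61999w.com/index.php",
    "2024-05-08T12:00:04Z 10.0.0.5 DNS A nottablenook.com",
    "2024-05-08T12:00:05Z 10.0.0.5 DNS A tablenook.com.attacker.test",
]

# Loose hostname shape: dotted labels ending in an alphabetic TLD.
_HOST_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}\.?$")


def normalize(name: str) -> str:
    """Lower-case and drop a trailing dot (DNS FQDN form)."""
    return name.strip().lower().rstrip(".")


def build_watchlist(domains: Iterable[str]) -> frozenset:
    return frozenset(normalize(d) for d in domains)


WATCHLIST = build_watchlist(DECOY_DOMAINS)


def match_domain(host: str, watchlist: frozenset = WATCHLIST) -> Optional[str]:
    """Return the watch-listed domain that `host` equals or is a subdomain of.
    Matching walks label boundaries, so 'nottablenook.com' and
    'tablenook.com.attacker.test' do not match 'tablenook.com'."""
    labels = normalize(host).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def hosts_in_line(line: str) -> List[str]:
    """Pull hostnames out of a log line: URL tokens via urlsplit, bare
    domain tokens via the hostname regex. IPs and timestamps are skipped."""
    hosts = []
    for tok in line.split():
        low = tok.lower()
        if low.startswith(("http://", "https://")):
            h = urlsplit(low).hostname
            if h:
                hosts.append(h)
        elif _HOST_RE.match(low):
            hosts.append(low)
    return hosts


def scan_logs(lines: Iterable[str], watchlist: frozenset = WATCHLIST) -> List[Tuple[str, str, str]]:
    """Return (line, host, matched_domain) for every hit."""
    hits = []
    for line in lines:
        for host in hosts_in_line(line):
            m = match_domain(host, watchlist)
            if m:
                hits.append((line, host, m))
    return hits


def suricata_dns_rule(domain: str, sid: int) -> str:
    """One Suricata rule per domain. dotprefix + endswith (Suricata 6+) make
    content:".tablenook.com" match the apex and subdomains but not
    'nottablenook.com'."""
    return (f'alert dns $HOME_NET any -> any any (msg:"Formbook decoy/C2 DNS '
            f'query {domain}"; dns.query; dotprefix; content:".{domain}"; '
            f'nocase; endswith; classtype:trojan-activity; sid:{sid}; rev:1;)')


def suricata_rules(domains: Iterable[str] = DECOY_DOMAINS, base_sid: int = 9000000) -> List[str]:
    # base_sid is an arbitrary local range chosen for the demo.
    return [suricata_dns_rule(normalize(d), base_sid + i) for i, d in enumerate(domains)]


if __name__ == "__main__":
    for line, host, dom in scan_logs(SAMPLE_LOGS):
        print(f"HIT {host} -> {dom}: {line}")
    print("\n".join(suricata_rules()))
```

Suffix matching on label boundaries is the part worth keeping: a plain substring check on the decoy names would flag unrelated hosts that happen to contain one of them, and the Suricata rules use `dotprefix`/`endswith` for the same reason.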

Targets

    • Target

      23dc2a640442410ae6c23a73c2e2ae52_JaffaCakes118

    • Size

      448KB

    • MD5

      23dc2a640442410ae6c23a73c2e2ae52

    • SHA1

      9933e0318d92fd2759068df828158e59035310c6

    • SHA256

      bccde349905fcc2c6c393e3f8664d37e640fbd8ec43fbdf47ab899fe8b443344

    • SHA512

      feb7bc136c8d08ac370f51e55b63a0fb595f59521fea3fc00eb2e7742e8368b26ecf1363d8030e96552333f7252e5f0ce6e6fec7b88e1c99caa3c59776d92a46

    • SSDEEP

      6144:kKUuubOrWe8ohBkSxZKx95h2ktgZHcNOEcG5WpJvpc22:kUuGmohBdKz5h2kO8cVGMpJRM

    • Formbook

      Formbook is an information stealer: it harvests credentials and submitted form data from browsers and mail clients, logs keystrokes, captures clipboard contents and screenshots, and exfiltrates them to its C2, masking that traffic with requests to the decoy domains listed in the extracted config. It also accepts remote commands from the operator.

    • Formbook payload

    • Suspicious use of SetThreadContext (rewriting another thread's register state to redirect its execution into injected code, the hand-off step of process hollowing)

MITRE ATT&CK Matrix

Tasks