General

  • Target: 246b8a3300e87c961b0cb85a1d485597_JaffaCakes118
  • Size: 862KB
  • Sample: 240508-mhq9zsfh8s
  • MD5: 246b8a3300e87c961b0cb85a1d485597
  • SHA1: 31f92a80c5c88995fd6c29c75559d428fd1eb904
  • SHA256: 5155cbca08d97a5eaf47b303ecf752cc305bb273308ce79a67bdc4b35d2f41d0
  • SHA512: 4b79dfc44aeb4c3952d7038986d23eff1f0b528b61d400803c732c4b3e78415af9f72b5acf1e9a251420546a4b87604b8a4f2704517efad4f0de9eebdc5ab01d
  • SSDEEP: 12288:mbly675yJo0juRXhT4MghC35C6HWYeOmtHL+Qmznaj1eClK8KbCiZW:R6ca0jux+Bs3HjmtHLXxeAz0V

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: btl

Decoy:

  • kyliefeet.com
  • scotia8web.com
  • nsclcdrivers.com
  • that-store.com
  • tempestchs.com
  • jonathandowney.info
  • skincentrolaser.com
  • villagetherapyatlanta.com
  • thesurgeshow.com
  • rwflottery.com
  • mutinysoundproject.com
  • snyxsz.com
  • sahovic.net
  • alexaneroux.com
  • nataliamedellinm.com
  • aplofer.info
  • leagacyrealty.com
  • ropescan.com
  • allintogo.com
  • punjabifactory.com

Targets

    • Target: 246b8a3300e87c961b0cb85a1d485597_JaffaCakes118
    • Size: 862KB
    • MD5: 246b8a3300e87c961b0cb85a1d485597
    • SHA1: 31f92a80c5c88995fd6c29c75559d428fd1eb904
    • SHA256: 5155cbca08d97a5eaf47b303ecf752cc305bb273308ce79a67bdc4b35d2f41d0
    • SHA512: 4b79dfc44aeb4c3952d7038986d23eff1f0b528b61d400803c732c4b3e78415af9f72b5acf1e9a251420546a4b87604b8a4f2704517efad4f0de9eebdc5ab01d
    • SSDEEP: 12288:mbly675yJo0juRXhT4MghC35C6HWYeOmtHL+Qmznaj1eClK8KbCiZW:R6ca0jux+Bs3HjmtHLXxeAz0V
    • Formbook: Formbook is a data-stealing malware family.
    • Formbook payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks