General

  • Target: 251c58dc2f6f82c3e5b0e981acd37bd7_JaffaCakes118
  • Size: 556KB
  • Sample: 240508-q1ln1afd6w
  • MD5: 251c58dc2f6f82c3e5b0e981acd37bd7
  • SHA1: d0b0356e0c0bd648a19265e7fecf932c4297de4a
  • SHA256: 6d84b80a81c14fb04f43ab811b261c38fc4ef5c1f8ab5a42ddd8d225b5986a6d
  • SHA512: 339c0dd6b3fde59ed263493cb17080592dbcb19a4cfe438f5937a35a231efb77d95309dc57e73eea7b1545077359a1a0affd2623f0001811db7e655fb8558fff
  • SSDEEP: 12288:htRtLnwJQM1os5g4/KCHbUINXU42aOXO:rRtEJQM4dqPi

Malware Config

Extracted

  • Family: formbook
  • Version: 3.8
  • Campaign: h35
  • Decoy domains:
      maraudersinc.com
      liebianwangluo.com
      visit-australia.info
      machiyane-kasukabe.com
      hafizclub.com
      merkburn.net
      favoritetraffic2updating.win
      adrian-oeser.net
      nkshopdomaincpplt234.info
      imperiodofutebol.com
      welometocaloundra.com
      thehealthypose.com
      squalloptna.com
      bobknowsbest.com
      damgproperties.com
      wastemastershire.co.uk
      swacballet.com
      japanbreakingnews.com
      bjufaa.info
      aryakuza.com

Targets

    • Target: 251c58dc2f6f82c3e5b0e981acd37bd7_JaffaCakes118
    • Size: 556KB
    • MD5: 251c58dc2f6f82c3e5b0e981acd37bd7
    • SHA1: d0b0356e0c0bd648a19265e7fecf932c4297de4a
    • SHA256: 6d84b80a81c14fb04f43ab811b261c38fc4ef5c1f8ab5a42ddd8d225b5986a6d
    • SHA512: 339c0dd6b3fde59ed263493cb17080592dbcb19a4cfe438f5937a35a231efb77d95309dc57e73eea7b1545077359a1a0affd2623f0001811db7e655fb8558fff
    • SSDEEP: 12288:htRtLnwJQM1os5g4/KCHbUINXU42aOXO:rRtEJQM4dqPi

    • Detect ZGRat V1
    • Formbook: Formbook is data-stealing malware.
    • ZGRat: ZGRat is a remote access trojan written in C#.
    • Formbook payload
    • Suspicious use of SetThreadContext
