General

  • Target

    28d109c8ae793e4166f571c33862b727_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240509-hrh8hshh86

  • MD5

    28d109c8ae793e4166f571c33862b727

  • SHA1

    bfb670e54ce2ec6caf7e3dcee84f013c50913a82

  • SHA256

    72430a2f734d2e80b7f465382cf3d0cb0f640fff26bf1d98ccec2430cdc9fb2d

  • SHA512

    45f5499f314f8a18f33e52bcd347f69ebf2f8cc660e5bb436ca2f43d46bfcf12744ccfdd4e0c432d692665dd9885edb3da71342ed3b332d6ab93944706e0766e

  • SSDEEP

    24576:+e4dCkuNAU5WbbjpttWxYj0Jonxrj+cuU:+fuu/DtWxZJUl+cu

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

ob

Decoy

humblefamilydentist.com

as4rff.faith

duanroyalhill.com

goodday6688.com

naylorcourtlofts.com

lighthouse-landing.com

internationaldiplomat.net

thedutchkeys.com

theperfecttouchfloraldesign.com

guidatravel.com

superaffiliateprolist.com

dbishirts.com

testaddnewdomains.academy

wshx999.com

disneylandcentral.com

livingwagecoalition.com

takaosan.online

tv16575.info

parsited.com

taschemichaelkors.info

Targets

    • Target

      28d109c8ae793e4166f571c33862b727_JaffaCakes118

    • Size

      1.4MB

    • MD5

      28d109c8ae793e4166f571c33862b727

    • SHA1

      bfb670e54ce2ec6caf7e3dcee84f013c50913a82

    • SHA256

      72430a2f734d2e80b7f465382cf3d0cb0f640fff26bf1d98ccec2430cdc9fb2d

    • SHA512

      45f5499f314f8a18f33e52bcd347f69ebf2f8cc660e5bb436ca2f43d46bfcf12744ccfdd4e0c432d692665dd9885edb3da71342ed3b332d6ab93944706e0766e

    • SSDEEP

      24576:+e4dCkuNAU5WbbjpttWxYj0Jonxrj+cuU:+fuu/DtWxZJUl+cu

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks