General

  • Target

    28d2e5597774e7f480632172b2cc9566_JaffaCakes118

  • Size

    312KB

  • Sample

    240509-hspfxsfb2y

  • MD5

    28d2e5597774e7f480632172b2cc9566

  • SHA1

    fb55799c7b2bc8be3acbd5d1d807bb71691d0066

  • SHA256

    384259c00ebd95e2c66d3555e2022e8b41c7cdf9f1e06c02944ad7614d77ec17

  • SHA512

    1d837fc6d4bc6b5f6b5a8116bbbdb4b419124f80cd7e4ed0ec11b405dce114360376de24861f669a206921dfc4639085b85ee2766122501eccc6d617aaffc723

  • SSDEEP

    3072:xR8BK+VulPnkDsIxnu8gyz8eOkgcjIabtBvaV36HwlG/mNM73HhfOU8IJEsTlB5c:/lfKsIxnu8XxBjLbthNQdqT9OdG5Fup

Malware Config

Extracted

  • Family

    formbook

  • Version

    3.8

  • Campaign

    ch92

  • Decoy

    gccgeek.com
    movshare.site
    quickwall-hk.com
    exim.red
    szjincaiwenkj.com
    premaos.com
    vns55555555.com
    acupofheather.com
    foodshop.info
    seofootball.win
    cdlapaz.com
    citybuildingmaint.com
    tubxdb.com
    cmicbank.com
    vitabeadsny.com
    huilinge.com
    banucapar.net
    reefrenovations.com
    yimsmall.com
    buyonegetone.store

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks