General

  • Target

    29e6d44753147ed82b462a46155bf27f_JaffaCakes118

  • Size

    421KB

  • Sample

    240509-pbd27abe57

  • MD5

    29e6d44753147ed82b462a46155bf27f

  • SHA1

    71eb92ae7e61a791e3fc2e502fbd756059c6afe8

  • SHA256

    145880ed94e0db3cab65cb54db4728520f1ac5f95ff2b0dda2650233542dd706

  • SHA512

    3bbfbee68ba8dafa2164a2d5cc9e66607f3901c48c774f2ee7d212364433ce6e75eadd95771bcaaee75c92fa9a23d8cc8bbfbbc436c176879fa53b5a6f282792

  • SSDEEP

    6144:IS1dm0XmZxcY5gtCdG0tR3XdoHHgjMNncgHyJUirSoUj1Rrlp4dW+dTUs8l3e:XPRXmvNSCIi3XUHgQNcYyCVTctdTU

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ajr

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family (an information stealer).

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Suspicious use of SetThreadContext
