General

  • Target

    29f92283750de72e762be0defcaaf7bc_JaffaCakes118

  • Size

    272KB

  • Sample

    240509-pnsfcacd52

  • MD5

    29f92283750de72e762be0defcaaf7bc

  • SHA1

    2375cd5381df116fcd4e548065a1a1f8e6d9d4f3

  • SHA256

    214252466a63120c1473180e5f4d2558f59a6a12aa8f3c38d3d5f45712965d7c

  • SHA512

    2b346d0898e63308fc88b7a7f0dc70bd3ec91ee835e3e46cbd05275030ba0a5ef02802ae31b033cc4d156fdca8a4d88e4c16ffdc75a21ec2387f051db68f95ad

  • SSDEEP

    6144:9mWaVTWFH0b/8FvlTbXOVj73t7ustHdepOPxKLQJ:AWhFc/8ZlNycpOJK

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

mk

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks