General

  • Target

    2a9a30eec97ab00aa5383eb5b7b39e4c_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240509-ssdpjagf6z

  • MD5

    2a9a30eec97ab00aa5383eb5b7b39e4c

  • SHA1

    4e557ee5f1c71f649ec7c700d4d8582bce462db3

  • SHA256

    61c879a82dd2352181a729b07d05a8d4c871a120a1ca69a673892b7ecb5b95c1

  • SHA512

    fdc1dc6795d746be2a695498d718b88f3debebe636f4fbef7b7858dfb64ed3a9f1aebf29287a1d880aa0ac1f05f410ebc9097de8a5501020e3e309677dc1387b

  • SSDEEP

    12288:Dvm7Ib5morl71BT1c2rtHCaDKUdaKAM9J1VyAtR9jphJYIcjdLtophIm9wIdAksQ:Uri1fHhH2MM+9VXfpC0w2AM2m

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

l7

Decoy

water360.net

mantle-liquid.com

crypto1st.com

zhangying7.com

macsupportusa.online

hellocellular.online

linkhay.info

equipoprofesional.online

happyholi2017.com

halobuilders.net

gaelleautin.com

kateklamer.com

keyarmor.com

sandamall.com

livifyfe.com

pkmuxb.ink

precios10.com

baitongjxgs.com

pinnacle175.com

dlpansr.com
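The Decoy list is the part of this config a responder can act on. Formbook beacons to several of these domains per check-in and only one of them is the live C2; the rest are often legitimate sites used as cover, so the list is a set of alert-worthy indicators rather than a block list. The script below is an added example (not part of the sandbox report) that loads the extracted config and sample hash from the page, matches DNS query names against the decoy domains (exact or subdomain, with a trailing dot and case ignored), and runs that over a few constructed log lines in an assumed "timestamp client qname" format. The log format, host names and the helper names are assumptions.

```python
"""Match Formbook decoy domains and the sample hash against DNS log lines.

Added example; the config values are copied from the report above, the log
format and log lines are constructed for illustration.
"""
import re
from typing import List, Optional, Tuple

# Extracted config as shown in the report.
FORMBOOK_CONFIG = {
    "family": "formbook",
    "version": "3.8",
    "campaign": "l7",
    "decoys": [
        "water360.net", "mantle-liquid.com", "crypto1st.com", "zhangying7.com",
        "macsupportusa.online", "hellocellular.online", "linkhay.info",
        "equipoprofesional.online", "happyholi2017.com", "halobuilders.net",
        "gaelleautin.com", "kateklamer.com", "keyarmor.com", "sandamall.com",
        "livifyfe.com", "pkmuxb.ink", "precios10.com", "baitongjxgs.com",
        "pinnacle175.com", "dlpansr.com",
    ],
}
SAMPLE_SHA256 = "61c879a82dd2352181a729b07d05a8d4c871a120a1ca69a673892b7ecb5b95c1"


def normalize_host(host: str) -> str:
    """Lower-case and strip the trailing dot DNS resolvers often log."""
    return host.strip().rstrip(".").lower()


def matched_decoy(host: str, decoys=FORMBOOK_CONFIG["decoys"]) -> Optional[str]:
    """Return the decoy domain that `host` equals or is a subdomain of, else None.

    Requiring a leading '.' on the suffix check stops 'notwater360.net'
    from matching 'water360.net'.
    """
    h = normalize_host(host)
    for d in decoys:
        if h == d or h.endswith("." + d):
            return d
    return None


# Constructed DNS log: "<timestamp> <client ip> <queried name>" (assumed format).
SAMPLE_DNS_LOG = """\
2024-05-09T15:03:11Z 10.0.0.21 www.google.com
2024-05-09T15:03:12Z 10.0.0.21 www.water360.net.
2024-05-09T15:03:12Z 10.0.0.21 notwater360.net
2024-05-09T15:03:13Z 10.0.0.21 KEYARMOR.COM
2024-05-09T15:03:14Z 10.0.0.37 update.microsoft.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def scan_dns_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client, normalized qname, matched decoy) for each hit, in log order."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than failing the run
        _ts, client, qname = m.groups()
        decoy = matched_decoy(qname)
        if decoy is not None:
            hits.append((client, normalize_host(qname), decoy))
    return hits


def is_known_sample(sha256_hex: str) -> bool:
    """Case-insensitive comparison against the report's SHA256."""
    return sha256_hex.strip().lower() == SAMPLE_SHA256


if __name__ == "__main__":
    for client, qname, decoy in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{client} queried {qname} (Formbook decoy {decoy}); triage host")
```

Because one client querying two decoy domains within seconds is far more suspicious than a single query to a site that may be legitimate, a real detection would group hits per client and per time window before alerting; the per-line output here is the building block for that.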

Targets

    • Target

      2a9a30eec97ab00aa5383eb5b7b39e4c_JaffaCakes118

    • Size

      1.1MB

    • MD5

      2a9a30eec97ab00aa5383eb5b7b39e4c

    • SHA1

      4e557ee5f1c71f649ec7c700d4d8582bce462db3

    • SHA256

      61c879a82dd2352181a729b07d05a8d4c871a120a1ca69a673892b7ecb5b95c1

    • SHA512

      fdc1dc6795d746be2a695498d718b88f3debebe636f4fbef7b7858dfb64ed3a9f1aebf29287a1d880aa0ac1f05f410ebc9097de8a5501020e3e309677dc1387b

    • SSDEEP

      12288:Dvm7Ib5morl71BT1c2rtHCaDKUdaKAM9J1VyAtR9jphJYIcjdLtophIm9wIdAksQ:Uri1fHhH2MM+9VXfpC0w2AM2m

    • Formbook

      Formbook is an information stealer: it hooks browsers, mail clients and other applications to capture submitted form data and credentials, logs keystrokes and clipboard contents, takes screenshots, and can fetch and run further payloads. Its configuration carries a list of decoy domains; at run time the bot beacons to several of them and only one is the real C2, so the Decoy list above is a set of candidate indicators, not a list of confirmed C2 servers.

    • Formbook payload

      A Formbook payload was identified during execution; the configuration above was extracted from it.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. Formbook is not known to install a bootkit, so treat this signature as raw write access to the first sector of the physical disk that should be confirmed manually before it is reported as MBR tampering.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process redirects that thread's execution, which is the injection step in process hollowing (ATT&CK T1055.012) and thread execution hijacking (T1055.003); Formbook uses it to run its code inside a legitimate Windows process.

MITRE ATT&CK Enterprise v15

Tasks