General

  • Target

    2b57098751a9c78d2990b3050460d341_JaffaCakes118

  • Size

    724KB

  • Sample

    240509-w92z8sgh4t

  • MD5

    2b57098751a9c78d2990b3050460d341

  • SHA1

    d7b25f469904ae214ce423f7a264dbc993630fbd

  • SHA256

    8b0c88ecea508a1d13d1a6b5ef32af213e5d80527fd489efb7f1cc6a29f00af3

  • SHA512

    5887c418cd6e91350d3fb82da7ced73486b182f75778c8f0d891a1dcc7cfdf40a39aa46775398778427c01e6abf56aa561302ba1302c7dada77f22e1fdba4833

  • SSDEEP

    12288:FkXOU51w5qnnf9aG3EV+M6qzvXkqYJZAbMMYAzMkFpTehIzSh:OeMbnn7EIqzATGMMYAzMKT2US

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pp0

Decoy

take.digital

riegerh.info

kpopdl.com

victorshealthsupplements.com

drsachingoel.com

onekecoin.com

nookest.com

laurenceleclaire.com

easykeys.info

xiaobeiwo.net

stancash.com

facetimelapse.com

threadlocks.life

af1seven.loan

tonirovka-avto.store

planningfor.jobs

jiajiawang168.com

mceffects.com

871xwn.info

topcriminaljusticedegrees.sale
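
Formbook configurations carry one real C2 hidden among decoy domains, and the implant talks to the decoys as well as the real server, so the twenty domains above are a mix of attacker infrastructure and unrelated (often legitimate or parked) sites. Blocking them outright invites false positives; a more useful use of the extracted list is correlation: a single client resolving several of these domains within a short window is the beaconing pattern, while one lookup of one of them is probably ordinary browsing. The following Python script is an added example, not part of the sandbox report; it embeds the domain list from this report and a constructed DNS log whose layout (`<ISO timestamp> <client ip> <query name>`), threshold and window are assumptions.

```python
"""Correlate DNS queries against the domain list extracted from the Formbook
sample and flag clients that resolve several of those domains in one window.
Added example, not part of the sandbox report. The log layout below is an
assumed "<ISO timestamp> <client ip> <query name>" format; threshold and
window are assumed tuning values.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Domains from the extracted configuration above (decoys plus the real C2).
CONFIG_DOMAINS = frozenset({
    "take.digital", "riegerh.info", "kpopdl.com",
    "victorshealthsupplements.com", "drsachingoel.com", "onekecoin.com",
    "nookest.com", "laurenceleclaire.com", "easykeys.info", "xiaobeiwo.net",
    "stancash.com", "facetimelapse.com", "threadlocks.life", "af1seven.loan",
    "tonirovka-avto.store", "planningfor.jobs", "jiajiawang168.com",
    "mceffects.com", "871xwn.info", "topcriminaljusticedegrees.sale",
})

# Constructed DNS log: 10.0.0.23 walks through five config domains within a
# minute (beaconing pattern); 10.0.0.77 resolves two of them hours apart.
SAMPLE_DNS_LOG = """\
2024-05-09T14:01:03 10.0.0.23 www.take.digital.
2024-05-09T14:01:09 10.0.0.23 www.riegerh.info.
2024-05-09T14:01:15 10.0.0.23 kpopdl.com.
2024-05-09T14:01:21 10.0.0.23 www.victorshealthsupplements.com.
2024-05-09T14:01:27 10.0.0.23 drsachingoel.com.
2024-05-09T14:02:00 10.0.0.23 update.example.net.
2024-05-09T14:05:41 10.0.0.77 www.kpopdl.com.
2024-05-09T15:30:00 10.0.0.77 www.take.digital.
"""


def normalize(qname):
    """Lower-case, drop the trailing dot of an FQDN and a leading 'www.'."""
    q = qname.lower().rstrip(".")
    return q[4:] if q.startswith("www.") else q


def matching_config_domain(qname, domains=CONFIG_DOMAINS):
    """Return the config domain that qname equals or is a subdomain of, else None.
    Label-wise matching avoids false hits such as 'notkpopdl.com'."""
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def parse_dns_log(text):
    """Parse the assumed log layout into (timestamp, client, query) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than abort the run
        records.append((datetime.fromisoformat(parts[0]), parts[1], parts[2]))
    return records


def find_beaconing_hosts(records, window=timedelta(minutes=10), threshold=3):
    """Per client, slide a window over its config-domain lookups and flag it
    once `threshold` distinct config domains fall inside one window.
    Returns {client: sorted list of the domains seen in the first such window}."""
    hits = defaultdict(list)  # client -> [(timestamp, matched domain)]
    for ts, client, qname in sorted(records):
        domain = matching_config_domain(qname)
        if domain:
            hits[client].append((ts, domain))
    flagged = {}
    for client, events in hits.items():
        for i, (t0, _) in enumerate(events):
            in_window = {d for t, d in events[i:] if t - t0 <= window}
            if len(in_window) >= threshold:
                flagged[client] = sorted(in_window)
                break
    return flagged


if __name__ == "__main__":
    for client, domains in find_beaconing_hosts(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"{client}: {len(domains)} config domains in one window -> {domains}")
```

Run against the constructed log, only 10.0.0.23 is flagged; 10.0.0.77 never has more than one config domain inside a ten-minute window. The same domain set can be fed to a DNS-log search in whatever SIEM is in use, with the window and threshold tuned to the real query volume.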

Targets

    • Target

      2b57098751a9c78d2990b3050460d341_JaffaCakes118

    • Formbook

      Formbook is an information-stealing malware family sold as a service. It logs keystrokes, grabs form submissions and clipboard contents, harvests credentials stored by browsers and mail clients, and hides its real command-and-control server among the decoy domains listed in the extracted configuration.

    • Formbook payload

    • Suspicious use of SetThreadContext
