General

  • Target

    2b339850ba96bb3c8308c70acd7ac521_JaffaCakes118

  • Size

    458KB

  • Sample

    240509-wmfhqaab88

  • MD5

    2b339850ba96bb3c8308c70acd7ac521

  • SHA1

    4c497319129abac43989a7a75c4ff8d3fee9554e

  • SHA256

    2040586dd9fea01ac08b13748962e9c7ec2bebd618d92543f260984b2eebc352

  • SHA512

    bba4a5d960e100295b7e2c33edfbc2e922ca12a92d43a7ec122f4d2dec33579abd38e4ef69134ed8e35bbbb8cc83efcaf7e67f1f5f2dfa6fc4c54bcd29eea401

  • SSDEEP

    12288:OSLFxvaN9Se5U17u1KFHeSJ7zdGUvVbCY:rFI9UqKNeSJ7zdGUB

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

vi

Decoy

thehealingcentersintl.com

moiuc.com

foundationtsecuritysn.win

dmorganconstruction.com

rcyg-luxgen.com

xn--9iqxb19lb98e.com

method19baseball.com

caitlinsculpts.com

xn--tpqt61am2s90v.com

clu2007.com

avto-4x4.com

newcode315.com

earnshort.com

instamanga.click

entruempelungs.taxi

brownpaperitckets.com

prepster-inc.com

espacoredator.com

pacificartspublishing.com

ekohelper.net
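The decoy list is the most actionable part of this config for a defender: Formbook beacons to several of its configured domains alongside the real C2, so one host resolving a handful of these unrelated domains within minutes is a much stronger signal than a single lookup. The Python below is an added example, not part of the sandbox report or of any analysis tooling; it embeds the family, version, campaign, decoy domains and file hashes shown on this page, and hunts through constructed DNS-resolver log lines (the log format, client IPs and timestamps are invented for illustration). The three-domain / ten-minute threshold is an assumption to tune per environment.

```python
"""Hunt DNS logs for the Formbook decoy/C2 domains extracted above.

Added example (not from the sandbox report). Config values and hashes are
copied from the page; the log lines and the alert threshold are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# --- values copied from the extracted config on this page ------------------
FORMBOOK_CONFIG = {
    "family": "formbook",
    "version": "3.9",
    "campaign": "vi",
    "decoy": [
        "thehealingcentersintl.com", "moiuc.com", "foundationtsecuritysn.win",
        "dmorganconstruction.com", "rcyg-luxgen.com", "xn--9iqxb19lb98e.com",
        "method19baseball.com", "caitlinsculpts.com", "xn--tpqt61am2s90v.com",
        "clu2007.com", "avto-4x4.com", "newcode315.com", "earnshort.com",
        "instamanga.click", "entruempelungs.taxi", "brownpaperitckets.com",
        "prepster-inc.com", "espacoredator.com", "pacificartspublishing.com",
        "ekohelper.net",
    ],
}
SAMPLE_HASHES = {
    "md5": "2b339850ba96bb3c8308c70acd7ac521",
    "sha1": "4c497319129abac43989a7a75c4ff8d3fee9554e",
    "sha256": "2040586dd9fea01ac08b13748962e9c7ec2bebd618d92543f260984b2eebc352",
}

# Constructed resolver log: "<ISO timestamp> <client ip> <query name>"
SAMPLE_DNS_LOG = """\
2024-05-09T10:14:02 10.0.0.21 www.microsoft.com
2024-05-09T10:15:11 10.0.0.21 moiuc.com
2024-05-09T10:15:12 10.0.0.21 earnshort.com.
2024-05-09T10:15:14 10.0.0.21 WWW.instamanga.click
2024-05-09T10:15:15 10.0.0.21 clu2007.com
2024-05-09T11:40:00 10.0.0.33 method19baseball.com
2024-05-09T11:40:30 10.0.0.33 example.org
"""
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def normalize_domain(name: str) -> str:
    """Lower-case, strip a trailing dot and a leading 'www.' so log entries
    compare cleanly against the config list."""
    name = name.strip().lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name


def decoy_display(name: str) -> str:
    """Unicode form of an IDNA (xn--) domain for analyst display; returns the
    ASCII form unchanged if the label is not valid punycode."""
    try:
        return name.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        return name


@dataclass
class HostVerdict:
    host: str
    matched: set = field(default_factory=set)  # distinct config domains seen
    first_seen: datetime | None = None
    last_seen: datetime | None = None

    @property
    def suspicious(self) -> bool:
        # Assumed threshold: >= 3 distinct decoy domains inside 10 minutes.
        return len(self.matched) >= 3 and (
            self.last_seen - self.first_seen) <= timedelta(minutes=10)


def scan_dns_log(log_text: str, config: dict = FORMBOOK_CONFIG) -> dict[str, HostVerdict]:
    """Match every query against the decoy list and aggregate per client host."""
    watch = {normalize_domain(d) for d in config["decoy"]}
    verdicts: dict[str, HostVerdict] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the hunt
        ts_raw, client, qname = m.groups()
        qname = normalize_domain(qname)
        if qname not in watch:
            continue
        ts = datetime.fromisoformat(ts_raw)
        v = verdicts.setdefault(client, HostVerdict(host=client))
        v.matched.add(qname)
        v.first_seen = ts if v.first_seen is None else min(v.first_seen, ts)
        v.last_seen = ts if v.last_seen is None else max(v.last_seen, ts)
    return verdicts


def hash_matches(digests: dict[str, str]) -> bool:
    """True if any supplied md5/sha1/sha256 (any case) equals this sample's."""
    return any(SAMPLE_HASHES.get(k) == v.lower() for k, v in digests.items())


if __name__ == "__main__":
    for host, v in scan_dns_log(SAMPLE_DNS_LOG).items():
        tag = "SUSPICIOUS" if v.suspicious else "low"
        print(host, tag, sorted(decoy_display(d) for d in v.matched))
```

Feed it an export from your resolver or proxy in the same three-column shape, or adapt LINE_RE to the real format. The hash check is deliberately case-insensitive because EDR and mail-gateway exports disagree on hex casing.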

Targets

    • Target

      2b339850ba96bb3c8308c70acd7ac521_JaffaCakes118

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and form data from browsers and other applications, logs keystrokes and clipboard contents, and exfiltrates them to its command-and-control server.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks