General

  • Target

    2b3c4a317d8fc64ca9991aec36624e6d_JaffaCakes118

  • Size

    745KB

  • Sample

    240509-wsnfhsfe7w

  • MD5

    2b3c4a317d8fc64ca9991aec36624e6d

  • SHA1

    db802611ad8a645d12a609f596d152c2ea5d0d52

  • SHA256

    82f4ebd30b18743d8cc409de5931a978434755705af9bbfa3c6d8d0b34d30a6b

  • SHA512

    09cab61855eb7dffbe26a3ac51338510d74b5c6b7fbccb5610b295ac2ccf199c4b559ca3162b984689b535c9f7a53ee708671bba44c8fb3fbf5910aca77c0ef1

  • SSDEEP

    12288:k0QQSy3frualbxbrBsbkqgkEKjzH4tvF89:RSyrskJuc9

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    gtb

  • Decoy

    kbsvipbags.com
    grandma-salt.com
    org-id100.info
    marketobserverllc.com
    robjmccarthy.com
    orbitnest.com
    7d5d.com
    hotdealsallday.com
    kaban-shitsuji.com
    eivisionexport.com
    luatfv.com
    creationxbydom.com
    realjuku.com
    roast365.com
    epis2020.com
    schcman.com
    xn--pimi-ooa.com
    jobshustle.com
    rightnewswire.com
    seguonra.com

Targets

    • Target

      2b3c4a317d8fc64ca9991aec36624e6d_JaffaCakes118

    • Size

      745KB

    • MD5

      2b3c4a317d8fc64ca9991aec36624e6d

    • SHA1

      db802611ad8a645d12a609f596d152c2ea5d0d52

    • SHA256

      82f4ebd30b18743d8cc409de5931a978434755705af9bbfa3c6d8d0b34d30a6b

    • SHA512

      09cab61855eb7dffbe26a3ac51338510d74b5c6b7fbccb5610b295ac2ccf199c4b559ca3162b984689b535c9f7a53ee708671bba44c8fb3fbf5910aca77c0ef1

    • SSDEEP

      12288:k0QQSy3frualbxbrBsbkqgkEKjzH4tvF89:RSyrskJuc9

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks