General

  • Target

    2cc9f4a819185333bc946cbe1c550210_JaffaCakes118

  • Size

    910KB

  • Sample

    240510-cem32scd2w

  • MD5

    2cc9f4a819185333bc946cbe1c550210

  • SHA1

    6ce7d3ee1af2e3ec697dad4002d3b6e9110dba3d

  • SHA256

    2ffe3df675a097fefad87b0c66d028ff6a732dbd67f4385777c4fb52a3e60994

  • SHA512

    98d00d533510bad7fe70383733b90c82df1186871e03360480d5506111dee8b8bfe37844d880084af2d05624e0fcb22fd601a19bc53e6e30f340afdb09dd9856

  • SSDEEP

    24576:oNHCmvI0fjnjOgYwC4U4o5EOYf4yI7OUcaY:wfRLNYwtUD7OKY

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

te

Decoy

sharjo-begir2.xyz

shroomsmy.com

citestpridom20200814092033.net

alemaruy.com

etong-tech.com

lomomofarm.com

elitenailsupplyva.com

thoughtfulbuddhist.online

therealtalkers.com

castleemerald.net

ysksafety.com

amazingrealtors.net

sourcesharp.com

commentorsint.com

alinement-solutions.info

expressivepins.com

americanbullylover.com

calerie.net

poamerican.com

epicoutreach.events
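The hashes in the General section and the domain list in the extracted config are the indicators a defender will actually use, so here is an added example (not part of the sandbox report, and not Formbook's own code) of turning them into a check. One caveat drives the design: the sandbox labels the domains "Decoy" because Formbook's config carries a list of mostly benign sites and the implant sends traffic to several of them alongside its real C2, so a single resolution of one listed domain is weak evidence, while one host resolving several of them within a few minutes is a much stronger signal. The code copies the report's digests and domains, hashes a byte blob against the digests, and scores a constructed DNS log (the log lines and the `timestamp source query name` format are assumptions for this example) by the number of distinct report domains each source resolves inside a sliding window.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Digests copied from the report above.
FILE_HASHES = {
    "md5": "2cc9f4a819185333bc946cbe1c550210",
    "sha1": "6ce7d3ee1af2e3ec697dad4002d3b6e9110dba3d",
    "sha256": "2ffe3df675a097fefad87b0c66d028ff6a732dbd67f4385777c4fb52a3e60994",
}

# Domains copied from the extracted config above. Most are benign decoys,
# so they are only useful in aggregate, not as individual block-list entries.
REPORT_DOMAINS = {
    "sharjo-begir2.xyz", "shroomsmy.com", "citestpridom20200814092033.net",
    "alemaruy.com", "etong-tech.com", "lomomofarm.com", "elitenailsupplyva.com",
    "thoughtfulbuddhist.online", "therealtalkers.com", "castleemerald.net",
    "ysksafety.com", "amazingrealtors.net", "sourcesharp.com", "commentorsint.com",
    "alinement-solutions.info", "expressivepins.com", "americanbullylover.com",
    "calerie.net", "poamerican.com", "epicoutreach.events",
}


def hash_matches(data: bytes) -> dict:
    """Return, per algorithm, whether `data` matches the reported digest."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in FILE_HASHES.items()
    }


# Assumed log format for this example: "<ISO timestamp> <source IP> query <qname>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) query (?P<qname>\S+)$")


def parse_dns_log(lines):
    """Yield (timestamp, source, normalised qname); skip lines that do not parse."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        qname = m["qname"].lower().rstrip(".")  # case-fold, drop trailing root dot
        yield datetime.fromisoformat(m["ts"]), m["src"], qname


def burst_hits(lines, window=timedelta(minutes=5), threshold=3) -> dict:
    """Flag sources that resolve >= `threshold` distinct report domains within `window`.

    Returns {source: max distinct report domains seen in any single window}.
    """
    events = defaultdict(list)
    for ts, src, qname in parse_dns_log(lines):
        if qname in REPORT_DOMAINS:
            events[src].append((ts, qname))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        best = 0
        for i, (start, _) in enumerate(evs):
            in_window = {d for ts, d in evs[i:] if ts - start <= window}
            best = max(best, len(in_window))
        if best >= threshold:
            flagged[src] = best
    return flagged


# Constructed sample log: 10.0.0.5 shows the Formbook burst pattern,
# 10.0.0.9 resolves one decoy once, which on its own is not actionable.
SAMPLE_DNS_LOG = """\
2024-05-10T09:01:02 10.0.0.5 query sharjo-begir2.xyz
2024-05-10T09:01:03 10.0.0.5 query shroomsmy.com.
2024-05-10T09:01:05 10.0.0.5 query etong-tech.com
2024-05-10T09:01:40 10.0.0.5 query CastleEmerald.net
2024-05-10T09:02:10 10.0.0.5 query calerie.net
2024-05-10T09:15:00 10.0.0.9 query shroomsmy.com
2024-05-10T09:16:00 10.0.0.9 query www.example.com
""".splitlines()


if __name__ == "__main__":
    print(burst_hits(SAMPLE_DNS_LOG))
    print(hash_matches(b"constructed blob, not the sample"))
```

Tune `threshold` and `window` to your environment; the point of the aggregate score is that the benign decoys stop generating one-off alerts while the implant's beaconing pattern still surfaces.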

Targets

    • Target

      2cc9f4a819185333bc946cbe1c550210_JaffaCakes118

    • Size

      910KB

    • MD5

      2cc9f4a819185333bc946cbe1c550210

    • SHA1

      6ce7d3ee1af2e3ec697dad4002d3b6e9110dba3d

    • SHA256

      2ffe3df675a097fefad87b0c66d028ff6a732dbd67f4385777c4fb52a3e60994

    • SHA512

      98d00d533510bad7fe70383733b90c82df1186871e03360480d5506111dee8b8bfe37844d880084af2d05624e0fcb22fd601a19bc53e6e30f340afdb09dd9856

    • SSDEEP

      24576:oNHCmvI0fjnjOgYwC4U4o5EOYf4yI7OUcaY:wfRLNYwtUD7OKY

    • Formbook

      Formbook is an information stealer: it logs keystrokes, grabs form submissions and clipboard contents from browsers and mail clients, takes screenshots, and can download and run additional payloads on command.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext

      Setting another thread's context is how process hollowing redirects a suspended process to injected code; this signature fires on that API pattern, not on the payload itself.

MITRE ATT&CK Enterprise v15

Tasks