General

  • Target

    2dad18ca8463273f701f13847bce7790_JaffaCakes118

  • Size

    491KB

  • Sample

    240510-gm6btaab54

  • MD5

    2dad18ca8463273f701f13847bce7790

  • SHA1

    646e94569498d50ceaeb82dc209a147cd72d0a2b

  • SHA256

    6ae73a16633fc02a2710ef06d166cfae655774a73d7509afff0b0b81d0ed75b8

  • SHA512

    d4bb8ee6fb20e0d196e8dddb847ef723c7ce6fffe5587b4347be11c8ec5223809dda9ef1e996afc40a8547b739ee376105d70ec777999bed1fa023626c031fe8

  • SSDEEP

    12288:PYFqSpKaxDx3IcS94WsjAkBHZWNcuTQC1YlXdE0heWQn:gFqypxGnmjdZjEYlt/e/n

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

h323

Decoy

sanfransiscolotto.com

mcginnisformayor.com

puer-energy.net

hieusport.com

alevelcourse.net

excelcium-promotion.info

waehlergemeinschaft-bergen.com

capstone-asphalt.com

ppacspromsecureproved3.info

bm9993.com

zhuozixf119.com

sgy64dq.ink

qukuaifun.com

boletosdeavion.store

ministeriofaceaface.com

xn--fiq06lpuc3zab58o04p.com

sunglassessales.win

jano.tech

tillillishop.com

tyty544.com

Targets

    • Target

      Doc20189700.exe

    • Size

      545KB

    • MD5

      7bce7d55931c5f34701501a38aa95cd3

    • SHA1

      7af77f1afe68b94a6617ac9a1ed5d21b66ca4008

    • SHA256

      742be802e5d909d41c46fd374e6682f0467003e03f5387f37fe18d407322e5a5

    • SHA512

      7bb4e470452a1f0dcd2bcc247c179d3c41b3fdac2aa694f6c79f7af71605226648ad3b57129f3930f85c7b10fc4329a622cbb7ffc27fe9fbb1b7aa4258a742c7

    • SSDEEP

      12288:WwSpsazDx3ScS946sj0kBFZWHcupoC+22bFK9Z47:1yDzcn4jrZTrJbG4

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks