General

  • Target

    2ea720e08d23620eec19036e1e019fde_JaffaCakes118

  • Size

    472KB

  • Sample

    240510-mejezahb5z

  • MD5

    2ea720e08d23620eec19036e1e019fde

  • SHA1

    e125ebf7c78ab570425a496482797c46783bc3c6

  • SHA256

    c2b83fb9b026ac37aaa0fa3599494f848c7d2ecd4da2493e6842fba00b31dba0

  • SHA512

    ce91403211d6b03bde8b94bcd0d961e7685b8d34e506882b96d58fea9234a4a48038eab5828a2ea349325a970032ce7b8f3e167233091b67785d3f9ef95992eb

  • SSDEEP

    6144:HfiZD08oqA7ik/P0QQnSoQ/NITl0OdjNSImQl2t88gfw3FU76wF:HfxHqAek/GS7BQYIp2t88XVUnF

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

sl

Decoy

man085.com

splnkr.com

ecogasuk.com

chefdominick.com

gopay.site

littlehootyoga.com

xmhailibu.com

maerz-it.com

garrongoshen.com

mstestlabo2.online

thepatioideas.com

loftiscpa.net

p3juices.com

knot-experts.win

hell.enterprises

luisa-anderson.com

transporterivas.com

lispic.com

admiralswitch.win

onionscreative.com

Targets

    • Target

      2ea720e08d23620eec19036e1e019fde_JaffaCakes118

    • Size

      472KB

    • MD5

      2ea720e08d23620eec19036e1e019fde

    • SHA1

      e125ebf7c78ab570425a496482797c46783bc3c6

    • SHA256

      c2b83fb9b026ac37aaa0fa3599494f848c7d2ecd4da2493e6842fba00b31dba0

    • SHA512

      ce91403211d6b03bde8b94bcd0d961e7685b8d34e506882b96d58fea9234a4a48038eab5828a2ea349325a970032ce7b8f3e167233091b67785d3f9ef95992eb

    • SSDEEP

      6144:HfiZD08oqA7ik/P0QQnSoQ/NITl0OdjNSImQl2t88gfw3FU76wF:HfxHqAek/GS7BQYIp2t88XVUnF

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks