General

  • Target

    32c799f1bc4ee53bd7df072f059cca8a_JaffaCakes118

  • Size

    308KB

  • Sample

    240511-fcg1ssgf25

  • MD5

    32c799f1bc4ee53bd7df072f059cca8a

  • SHA1

    83c58f81634f0cc651bbebac5c2843bc2d3be1b6

  • SHA256

    01adac8baba76782156b0b664b166310e3d93f2d7f442387c59d1a07572f8ec4

  • SHA512

    b24fe0d730fb91bf1e3ee72ffea2ab4a8a4457023f6b854dd6c160f1fc5c49b4758f2e5dc2e58fc4ce62f4fbb279eab519c3c9797ca032e87bf704e96318db18

  • SSDEEP

    6144:sslNaYZ1Gu4GF5qJf8SThxu4uUS/qwYaC1:s8/GHGF5O9TWZUS/qK

Malware Config

Extracted

  • Family

    formbook

  • Version

    3.8

  • Campaign

    st

  • Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
