General

  • Target

    34d41b08db20c3be620d503955bd982e_JaffaCakes118

  • Size

    400KB

  • Sample

    240511-qtwwdshh8s

  • MD5

    34d41b08db20c3be620d503955bd982e

  • SHA1

    afc50b80e124aa53efbd8a4c1a5e60de88fabb52

  • SHA256

    38c3feee374e74f5ced5844328807d5a8b28131fa013bb8fbc4ce9e667e70e9c

  • SHA512

    80ca69a37daed48c75c304199bd143186249d0f145ce117abce8109cc5a82777287ee0a59ee0b916a2c4d0ee10aed7f65cbe3818d25005588d01b2d07e8a7dae

  • SSDEEP

    6144:qYE0hViKFzTJYIq/YN2l7N21qMQPTAgxA+G5x1jMmeNkGzdbv2iS9UNYUYY64L4Y:/r9F6SN2RkfQ7fIAzdbvgHY6nKlGw

Malware Config

Extracted

  • Family

    formbook

  • Version

    3.8

  • Campaign

    ch36

  • Decoy

    hookbug.com
    useicar.net
    plentyofhosting.com
    finalmary.win
    pacwestcoastalproperties.com
    prideharmonyfoundation.com
    royaltakeout.com
    lephare-shop.com
    alphaomeganetworks.com
    solistkonsilanlari.com
    yj-info.net
    badajozbeerlab.com
    wwwjsvip9999.com
    centraltexasrvpark.net
    hosofb789.com
    roademissions.com
    toscanaristorazione.com
    jrmsj.com
    sweetsncandy.com
    hzcrgg.com

Targets

    • Target

      8012bea9d522c2a1a6d032ba268e6f9f.doc

    • Size

      973KB

    • MD5

      8012bea9d522c2a1a6d032ba268e6f9f

    • SHA1

      d8c4d15b43546732fee5da20e35704be9b16052e

    • SHA256

      bc56eec51e9588c386885e12094cd794eb899b717527525fd302507c659ed5e8

    • SHA512

      daacbd46f0f2025d5984bc6efa6a5ee7e8a2328c3f988cc5ba4f6b3af2b68830e2e5bdff86cb6e3a544b91c7abd753c6a2bcb612221b98070ea858ebac45e805

    • SSDEEP

      12288:HQPeWspE5a2/D6w1DcpQ47d/mcc6EVOFUWxhNSyHS0FpQPccolWaNq7jMPyH0o3k:wPFs6dHDcq47d/mF6dxh/SaZgaMcZo0

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks