General

  • Target

    37457efcced32d31e537a8e2f5ba24ec_JaffaCakes118

  • Size

    801KB

  • Sample

    240512-amsbmaad84

  • MD5

    37457efcced32d31e537a8e2f5ba24ec

  • SHA1

    535ca92224425416ec667aee04ab80a40d42b7df

  • SHA256

    786ae09eb45cf51650c879874b1d0d81a08012577adee96bf3c1353bd8ec6235

  • SHA512

    c268e59a69c6f8ab0f1a2cdc54d1fb650f677c6cf83da13bd30114310c52eee634aa6db18c826c813e60c737a833ccdf9b701749a73681d880dae8aaca293d59

  • SSDEEP

    12288:XgkMS7euFEpW2uCitF4nsAcuAbT2yI/v:bMS76WsqF4N9AbvI

Malware Config

Extracted

  • Family

    formbook

  • Version

    3.9

  • Campaign

    pg

  • Decoy

    chinatobelgiumpertrain.com
    frengeen.com
    tipiacevincerefacile.bet
    aniversariosyvacaciones.com
    crittersitter.care
    freeformflow.com
    estxt.com
    adongchemical.com
    i1d0zglwq6n.biz
    undercover-trainer.com
    olimp-supplement.com
    fsjuxue.com
    cash4biz.loan
    theboulderhousenevadacity.com
    theindianstores.com
    crescentdetailing.com
    emslvy.com
    remeshkoff.com
    hizliporno.info
    nanny8024.com

Targets

    • Target

      37457efcced32d31e537a8e2f5ba24ec_JaffaCakes118

    • Size

      801KB

    • MD5

      37457efcced32d31e537a8e2f5ba24ec

    • SHA1

      535ca92224425416ec667aee04ab80a40d42b7df

    • SHA256

      786ae09eb45cf51650c879874b1d0d81a08012577adee96bf3c1353bd8ec6235

    • SHA512

      c268e59a69c6f8ab0f1a2cdc54d1fb650f677c6cf83da13bd30114310c52eee634aa6db18c826c813e60c737a833ccdf9b701749a73681d880dae8aaca293d59

    • SSDEEP

      12288:XgkMS7euFEpW2uCitF4nsAcuAbT2yI/v:bMS76WsqF4N9AbvI

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks