General

  • Target

    39032da5cede13d60783dfcb20ac354b_JaffaCakes118

  • Size

    368KB

  • Sample

    240512-jlmjesae26

  • MD5

    39032da5cede13d60783dfcb20ac354b

  • SHA1

    a81890e182ed2dc2638447d87800c5cca8d5bc2d

  • SHA256

    85a5a0e401942e2c679e477072f96e3241e54238de6b0509545c297fd7f4b815

  • SHA512

    612e2fa97bb5dc0c1e310fcd3ce5605686519f54d318b0a77feb1321e46892ed6c2eae3440a94f1b0b71490e148d93e16eaeea4aab297b586245cf1d97e235f8

  • SSDEEP

    6144:h60QU08NZEdz3xtP+QUmMXcZxKM9Riouk/T+6KV/meQrJ9SFfL6Jm2m:hdQUpEZPOBcViouk/T7PP9SFfL6c

Malware Config

Extracted

  • Family

    formbook

  • Version

    3.9

  • Campaign

    hx323

  • Decoy

    ntquhue.com

    ydweq.info

    mgmtnj.info

    esbenkc.com

    520datianshi.com

    carrierqaqc.com

    ramseylegacy.com

    madamechoo.com

    uwf.email

    music.insure

    offers.party

    barebeerbums.com

    zhonganyibang.com

    carinsurancemun.info

    rfcnq.info

    pharmalogue.net

    lonelytabletopgamer.com

    passkey.systems

    acorndevelopmentcompany.com

    pocoride.com

Targets

    • Target

      39032da5cede13d60783dfcb20ac354b_JaffaCakes118

    • Size

      368KB

    • MD5

      39032da5cede13d60783dfcb20ac354b

    • SHA1

      a81890e182ed2dc2638447d87800c5cca8d5bc2d

    • SHA256

      85a5a0e401942e2c679e477072f96e3241e54238de6b0509545c297fd7f4b815

    • SHA512

      612e2fa97bb5dc0c1e310fcd3ce5605686519f54d318b0a77feb1321e46892ed6c2eae3440a94f1b0b71490e148d93e16eaeea4aab297b586245cf1d97e235f8

    • SSDEEP

      6144:h60QU08NZEdz3xtP+QUmMXcZxKM9Riouk/T+6KV/meQrJ9SFfL6Jm2m:hdQUpEZPOBcViouk/T7PP9SFfL6c

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks