General

  • Target

    3ca6adb2c55147131eb87751eba66b89_JaffaCakes118

  • Size

    252KB

  • Sample

    240513-1dra3sfa76

  • MD5

    3ca6adb2c55147131eb87751eba66b89

  • SHA1

    282f6711e594272f30eb613e007c2831d1b6202e

  • SHA256

    29597c03eed30fc82c0cf555186e218deaf6d32f7a96b9ae0636185da6b664bc

  • SHA512

    e66339b52168d68e3b43552e0059b3ec3903c879ec12676915ee2a719061713b5748399a7f5aeabee4aa7ee8089b42cb77aa28088b476c29d50f9f3c4fa786f0

  • SSDEEP

    6144:PchSkHeKJTw2wqLo3bj8tNpkRE1HNs33m:GP+Kxw9qM25HmH

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

bi

Decoy

frspin.com

voron.black

in296.com

exportar.biz

19138537.com

de-play-games.com

suitmine.com

obedenie.com

inventoswiki.com

ahchoices.com

hushopgawd.com

uvalleconcrete.com

milospetstuff.com

vip-ships.com

huiyuetech.com

realestatewithswann.biz

investbuycoin.com

wememebusiness.info

stringapp.net

monikawaronska.com
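The Python below is an added example, not part of the sandbox report or of any tooling the report was produced with. It parses this report's key/value layout (key line, blank line, value line), recomputes the four file digests so an analyst can confirm that a locally held file is the same sample before working on it, and splits the result into file hashes versus decoy domains. The split matters because Formbook's configuration carries a list of decoy domains that the malware contacts alongside its real command-and-control server to disguise that traffic, and many of them are legitimate sites; the script therefore keeps them as context, not as blocklist entries. REPORT_TEXT is an excerpt of this page (three of the twenty decoys shown); the bytes b"abc" are a constructed stand-in for the sample and are expected to fail verification.

```python
"""Triage helpers for a plain-text sandbox report of a Formbook sample.
Example code written for this page; the layout rules are inferred from it."""
import hashlib
import re

# Excerpt of the report on this page (values copied from it, list shortened).
REPORT_TEXT = """
General

  • Target

    3ca6adb2c55147131eb87751eba66b89_JaffaCakes118

  • Size

    252KB

  • MD5

    3ca6adb2c55147131eb87751eba66b89

  • SHA1

    282f6711e594272f30eb613e007c2831d1b6202e

  • SHA256

    29597c03eed30fc82c0cf555186e218deaf6d32f7a96b9ae0636185da6b664bc

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

bi

Decoy

frspin.com

voron.black

in296.com

Targets
"""

SCALAR_KEYS = {"Target", "Size", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP",
               "Family", "Version", "Campaign"}
LIST_KEYS = {"Decoy"}
SECTION_HEADERS = {"General", "Malware Config", "Extracted", "Targets", "Tasks"}


def parse_report(text):
    """Turn the report into a dict keyed by lower-cased field name.
    Scalar keys keep the first value seen (the General block, so the repeat
    under Targets is ignored); 'Decoy' collects every following line until
    the next key or section header."""
    lines = [re.sub(r"^[•\-\*]\s*", "", ln.strip()) for ln in text.splitlines()]
    lines = [ln for ln in lines if ln]
    fields, i = {}, 0
    while i < len(lines):
        key = lines[i]
        if key in SCALAR_KEYS and i + 1 < len(lines):
            fields.setdefault(key.lower(), lines[i + 1])
            i += 2
        elif key in LIST_KEYS:
            values, i = [], i + 1
            while i < len(lines) and lines[i] not in SCALAR_KEYS | LIST_KEYS | SECTION_HEADERS:
                values.append(lines[i])
                i += 1
            fields[key.lower()] = values
        else:
            i += 1
    return fields


def hash_bytes(data):
    """Compute the same four digests the report lists, as lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data, report_fields):
    """Return the algorithms whose digest of `data` differs from the report.
    An empty list means the local file is the reported sample."""
    actual = hash_bytes(data)
    return sorted(alg for alg in actual
                  if alg in report_fields and report_fields[alg].lower() != actual[alg])


def indicators(fields):
    """File hashes are high-confidence indicators; the Decoy domains are
    contacted by Formbook to blend in with its real C2 traffic and include
    legitimate sites, so they are kept for context rather than blocking."""
    return {
        "file_hashes": {a: fields[a] for a in ("md5", "sha1", "sha256", "sha512") if a in fields},
        "decoy_domains_context_only": fields.get("decoy", []),
    }


if __name__ == "__main__":
    report = parse_report(REPORT_TEXT)
    print(indicators(report))
    # b"abc" is a constructed placeholder, not the sample, so this reports mismatches.
    print("mismatched digests:", verify_sample(b"abc", report))
```

To check a real file, pass its bytes (`open(path, "rb").read()`) to `verify_sample` together with `parse_report` run over the full page text; the parser walks the whole Decoy list, so on the complete report it yields all twenty domains.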

Targets

    • Target

      3ca6adb2c55147131eb87751eba66b89_JaffaCakes118

    • Size

      252KB

    • MD5

      3ca6adb2c55147131eb87751eba66b89

    • SHA1

      282f6711e594272f30eb613e007c2831d1b6202e

    • SHA256

      29597c03eed30fc82c0cf555186e218deaf6d32f7a96b9ae0636185da6b664bc

    • SHA512

      e66339b52168d68e3b43552e0059b3ec3903c879ec12676915ee2a719061713b5748399a7f5aeabee4aa7ee8089b42cb77aa28088b476c29d50f9f3c4fa786f0

    • SSDEEP

      6144:PchSkHeKJTw2wqLo3bj8tNpkRE1HNs33m:GP+Kxw9qM25HmH

    • Formbook

      Formbook is an information stealer: it logs keystrokes, grabs data submitted in web forms, harvests credentials stored by browsers and mail clients, and sends the captured data to its command-and-control server.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks