General

  • Target

    3e57cda1537e5da871c8f1d97ec7d337_JaffaCakes118

  • Size

    750KB

  • Sample

    240513-h7tdesfb48

  • MD5

    3e57cda1537e5da871c8f1d97ec7d337

  • SHA1

    d8840938fc45e5d20a0ca3ebebf794617a81e960

  • SHA256

    400ce3db41e45539da9cbec4768fe45f31d7ad4bd276fff441c79231d959cff0

  • SHA512

    3e06bed588ad457f639e2a9ca17abf26c1d77b827dcb9224963c09a1d31165ff0300b90741160c971902e30fe81918639515e5b45992704765e4b3dcbfeb3357

  • SSDEEP

    6144:7lMdF++8cNR1ykQXQAIvD1U0TV33GqK6fPu6WBis:7fcj1yk1bvD1U0TVmqPHWBis

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

d02

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Adds policy Run key to start application

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks