General

  • Target

    3ed94bb64fa06aafe96d8d823fac745b_JaffaCakes118

  • Size

    577KB

  • Sample

    240513-llqxyshf37

  • MD5

    3ed94bb64fa06aafe96d8d823fac745b

  • SHA1

    cd6e298d2ab38a1e41b42f11b760a188a562049a

  • SHA256

    e77e182e673cccbe6863f7682fb061f6cb1c34502686d9950821c9408fa44a28

  • SHA512

    95d40cd5f80375a92794fbf2e07ab6f05d0b8e39ee9c269099f19bed3767f29f7d10842d646610ddd7101eb8a5c5983a43aff23ac443ef522d499cd3980c414c

  • SSDEEP

    12288:Yj1r6My4atW/2Tl/OxYVAjjMDYUQSb/iWpzNV0VXm6enva:Yj1DaM2Tl/OxYV0e/iW3wp

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

so6

Decoy

webshoppee.com

sangyey.com

3809775.com

canadelstores.com

halalmeans.com

karimafashion.com

tokochan.info

viralxch.com

ayazmorris.com

movilesgadgets.com

applyinvestments.com

discoverirelanduk.com

dreamonsolution.com

dziecikomfort.com

edinhosilva.life

forthathletic.com

mspi-ph.net

onlinetuneclass.com

trendyteezs.com

domaine-du-bruisset.com
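Before acting on the extracted configuration, a practitioner should separate the two kinds of indicator it contains. The file hashes identify this exact sample and are safe to block or hunt on. The "Decoy" list is Formbook's embedded domain list: the family ships a list of domains in which most entries are unrelated, often legitimate sites that pad the real C2, so treating all twenty as malicious would produce false blocks. The following is an added example (not code from the report page or the sandbox vendor) that verifies a local file against the report's digests and emits the indicators with a confidence label; the dictionary layout, function names and confidence labels are this example's own assumptions.

```python
import hashlib
from typing import Dict, List, Tuple

# Values copied from the report above. The layout of this dict is an
# assumption of this example, not the sandbox's export format.
REPORT = {
    "family": "formbook",
    "version": "4.1",
    "campaign": "so6",
    "hashes": {
        "md5": "3ed94bb64fa06aafe96d8d823fac745b",
        "sha1": "cd6e298d2ab38a1e41b42f11b760a188a562049a",
        "sha256": "e77e182e673cccbe6863f7682fb061f6cb1c34502686d9950821c9408fa44a28",
        "sha512": "95d40cd5f80375a92794fbf2e07ab6f05d0b8e39ee9c269099f19bed3767f29f"
                  "7d10842d646610ddd7101eb8a5c5983a43aff23ac443ef522d499cd3980c414c",
    },
    "decoy": [
        "webshoppee.com", "sangyey.com", "3809775.com", "canadelstores.com",
        "halalmeans.com", "karimafashion.com", "tokochan.info", "viralxch.com",
        "ayazmorris.com", "movilesgadgets.com", "applyinvestments.com",
        "discoverirelanduk.com", "dreamonsolution.com", "dziecikomfort.com",
        "edinhosilva.life", "forthathletic.com", "mspi-ph.net",
        "onlinetuneclass.com", "trendyteezs.com", "domaine-du-bruisset.com",
    ],
}

DIGESTS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists, from the same bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def verify_sample(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match against the report's hashes.

    All four should agree. A partial match (for example MD5 only) means the
    file is not the same bytes and deserves a closer look, not a shrug.
    """
    got = digests(data)
    return {name: got[name] == value.lower() for name, value in expected.items()}


def iocs(report: dict) -> List[Tuple[str, str, str, str]]:
    """Flatten the report into (type, value, confidence, note) rows."""
    rows: List[Tuple[str, str, str, str]] = []
    for name, value in report["hashes"].items():
        rows.append((name, value, "high", "exact hash of this sample; safe to block and hunt"))
    for domain in report["decoy"]:
        # Formbook embeds a domain list in which most entries are decoys;
        # only a small part of it is live infrastructure. Enrich (passive DNS,
        # observed traffic from the sandbox run) before adding any to a blocklist.
        rows.append((
            "domain", domain, "low",
            "Formbook decoy list entry; do not block without corroboration",
        ))
    return rows


if __name__ == "__main__":
    import sys
    # Usage: python iocs.py <path-to-sample>
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            print(verify_sample(fh.read(), REPORT["hashes"]))
    for row in iocs(REPORT):
        print("\t".join(row))
```

The hash rows can go straight into a hunt; the domain rows should feed an enrichment queue, where the single domain the sample actually contacted during the run (visible in the sandbox's network capture, not in this config dump) is the one worth escalating.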

Targets

    • Target

      3ed94bb64fa06aafe96d8d823fac745b_JaffaCakes118

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and web-form data from browsers and mail clients, logs keystrokes and clipboard contents, and can fetch and run additional payloads. It injects into other processes to hide its activity, which is what the SetThreadContext signature below reflects.

    • Formbook payload

    • Suspicious use of SetThreadContext
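The "Suspicious use of SetThreadContext" signature fires when a process rewrites the register context of a thread it does not own. On its own that call is ambiguous (debuggers and some exception handlers do it to their own process), so a useful detection keys on the cross-process case and on what preceded it: a process created with CREATE_SUSPENDED, memory written into it, then SetThreadContext and ResumeThread is the hollowing sequence. The block below is an added example, not the sandbox's own rule or code from the report, that runs this logic over a constructed API-call trace; the line format, the process IDs and the severity labels are assumptions of this example, and the trace is constructed, not captured from this sample.

```python
import re
from typing import Dict, List

# Constructed trace (not a real sandbox or EDR export): one API call per line in a
# simple key=value form that a hooking sandbox or ETW consumer could emit.
# pid is the caller; target is the process the call operates on.
TRACE = """\
pid=4120 api=CreateProcessW target=5208 flags=0x00000004
pid=4120 api=VirtualAllocEx target=5208 protect=0x40
pid=4120 api=WriteProcessMemory target=5208 size=0x3c000
pid=4120 api=SetThreadContext target=5208
pid=4120 api=ResumeThread target=5208
pid=7732 api=GetThreadContext target=7732
pid=7732 api=SetThreadContext target=7732
pid=9001 api=SetThreadContext target=9010
"""

CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit used by hollowing
PAYLOAD_STAGES = ("NtUnmapViewOfSection", "VirtualAllocEx", "WriteProcessMemory")
FIELD = re.compile(r"(\w+)=(\S+)")


def parse(trace: str) -> List[Dict[str, str]]:
    """Turn each non-empty line into a dict of its key=value fields."""
    return [dict(FIELD.findall(line)) for line in trace.splitlines() if line.strip()]


def detect(events: List[Dict[str, str]]) -> List[Dict]:
    """Flag cross-process SetThreadContext, graded by the injection stages seen before it.

    State is kept per (caller, target) pair so two unrelated injections into the
    same target by different callers are not merged.
    """
    stages: Dict[tuple, List[str]] = {}
    alerts: List[Dict] = []
    for ev in events:
        caller = int(ev["pid"])
        target = int(ev.get("target", ev["pid"]))
        if caller == target:
            # A thread editing its own process's context (debugger stubs,
            # exception handling) is not the injection pattern; ignore it.
            continue
        seen = stages.setdefault((caller, target), [])
        api = ev["api"]
        if api.startswith("CreateProcess") and int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
            seen.append("suspended_create")
        elif api in PAYLOAD_STAGES:
            seen.append(api)
        elif api == "SetThreadContext":
            if "WriteProcessMemory" in seen:
                severity = "high"
                reason = "cross-process SetThreadContext after a payload write (hollowing/injection)"
            else:
                severity = "medium"
                reason = "cross-process SetThreadContext with no observed payload write"
            alerts.append({
                "caller": caller,
                "target": target,
                "severity": severity,
                "stages": list(seen),
                "reason": reason,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(TRACE)):
        print(alert)
```

The medium-severity branch exists on purpose: a lone cross-process SetThreadContext is worth a ticket but not a page, whereas the full suspended-create, write, set-context sequence is a strong signal regardless of which family produced it.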
