General

  • Target

    40237d6a3c84f02516bda17f8b957322_JaffaCakes118

  • Size

    436KB

  • Sample

    240513-sszxrsca2z

  • MD5

    40237d6a3c84f02516bda17f8b957322

  • SHA1

    8c3c3af0cbfc1e6e3c0d6c10229a817103d75069

  • SHA256

    8537dc2194884b6ec88e9bc44963b4b1dc34b28505fd20330f5ed137e63cafe6

  • SHA512

    9fec1f5835acd07655e4ac07f09dfbb40091b622f7a5c109972163eaf9e54c55f83e5505262b43ac8948fa4029cb86879ede8c1dbba6b4d078b5dab0e058ff96

  • SSDEEP

    6144:zxDkckbuLHbc3ybjGvGjE7LBZGXAztMt2HYo5FbZk22BtKj5LognzL9NJ2o:zqckbC7uye6hA6YHYadZXwwVognzLAo

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kbr

Decoy


Targets

    • Target

      sample.exe

    • Size

      497KB

    • MD5

      fa2b81bb3c092af37132e48f36fa92c3

    • SHA1

      715b71b3e7393c7bd1aa50a824e32b6408b6cbae

    • SHA256

      4f90d42980450652ef19fe55ebea9e68683b4d29027900dcbeb5c26d298318fc

    • SHA512

      36ec0cb0fad91ddf871ada9fdee7aaa57c0ebf9872e22e74e75c0b552ddc31d63832b4b19db4e62fa4d14304f3052c98ab3c2c95864c1d468bf0c5b28a133426

    • SSDEEP

      12288:Y/hpMAp2iNtv2zv1gvExBHMxS1iz23RNjxs8zUle01Eqm:Y/p1m2sHsy93tj0

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and other sensitive data from infected hosts.

    • Formbook payload

    • Adds policy Run key to start application

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks