General

  • Target

    3e13265fb0241133e27ae57793bcd375_JaffaCakes118

  • Size

    513KB

  • Sample

    240514-gdeshada68

  • MD5

    3e13265fb0241133e27ae57793bcd375

  • SHA1

    93b16ce706aef739d89a41e853eb48f92da2b0fe

  • SHA256

    fea8c05a548a56d2700b88a783a8948635148503e7d7f2b3da909b792df7979f

  • SHA512

    ed31a12271bf344cd56668022451f4881f4db505b74f8e15bb2f126823482627cc9095b222d46269df7c5d03202a7947232ea54167a3e73dbffb106e7cb500a1

  • SSDEEP

    12288:mbL3Y6BTYSv2zv1g5cHE1YGQckuyr7wHPzCc/bSHTj6bNJ:mf3ho25PKG3s0HsHoN

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    dwn

  • Decoy

    f4funda.com
    musikbd.com
    gureigh.com
    arfcuk.com
    ffd-restorations.com
    chicoptica.com
    stixnpins.com
    alloutthere.com
    jxdp7gcbrth52x.net
    etherizer.com
    yeezyshoesbuy.online
    tbluebelt3dwdbuy.com
    visitqiddiya.info
    bulletproofadvice.net
    hujiangjiagu.com
    irreldevel.com
    louisvuittonproperties.com
    horizonscales.com
    pangutec.com
    subscription-ituns-inc.com

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks