General

  • Target

    415fb602fea93197946574b97294283f_JaffaCakes118

  • Size

    912KB

  • Sample

    240514-nxcwksed93

  • MD5

    415fb602fea93197946574b97294283f

  • SHA1

    3f050757b092a2b2449007d45632168caac1e2d9

  • SHA256

    2817e204072508a6023f199121144d5d0eb22e7bb04926fc42defea530fdf8e4

  • SHA512

    26efd87b79fdde653a0b07e57dc398b95928332efdc784ddab173ed6db3904cd7f9c8bb19c60efa85d67870a7c6a605d17167f4c9cf6bc54a538853bbdebd6bd

  • SSDEEP

    24576:E69dI9Dl7bPF4sm9dNdNByMEfAm0J6tZXEo:E696/ieAm0J6T

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kzy

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks