General

  • Target

    41619ed21f07c9550a95c89cf29ed6a2_JaffaCakes118

  • Size

    800KB

  • Sample

    240514-nyw1vaee48

  • MD5

    41619ed21f07c9550a95c89cf29ed6a2

  • SHA1

    843a16125fcfbaf5ca7a5060ed33dad71dc18df6

  • SHA256

    2606deb7bc3a18fcd3873a061145bbf8b6bb39cbec5c6353aa3df0356a8a86db

  • SHA512

    a5f1f0256278ce1c59cfc59b71dde29ad4975f0d751a1b974f3b5d32b2736c2f513fe80445277a122df087ac58870b145c41bcdafd25ad5f2206d67781a92506

  • SSDEEP

    12288:JXIiyPzHe1yrLs72DaN4FzaQP6+S1gXXT1Tq+LbL2gWzseBxc7+esTCmy:JYiie1+Ls72Daq+QS+S61/PKggcC2my

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

l5

Decoy


Targets

    • Target

      41619ed21f07c9550a95c89cf29ed6a2_JaffaCakes118

    • Size

      800KB

    • Formbook

      Formbook is data-stealing malware.

    • Formbook payload

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
