General

  • Target: 42d5e7a96109922fcb765e86760995a7_JaffaCakes118
  • Size: 378KB
  • Sample: 240514-ysa7asdg8v
  • MD5: 42d5e7a96109922fcb765e86760995a7
  • SHA1: 1f6d6281f2c89ad2d3a4ebfb74d4e72a0d49268d
  • SHA256: 6c493d5a727414266a1b43719c18d1cce931c8b0208cccc2748d8b828a0403f5
  • SHA512: de512fdd6d44988ca5ce9f36c12d0119abb85ec4e44196d37a03a3c28fddacce98025f3e5b561ae726458bc125443d829e7297361772acad7cdfa1548c4fdb90
  • SSDEEP: 6144:x+QGRBX+lGz8m0NMYYLkasSLfZjTX5+QMWyCiJvlTD6uU43byTPpxiO4RQsGRlSN:UQGPXIGz8mrHsqh3wDC29eDpnsGW6

Malware Config

Extracted

  • Family: formbook
  • Version: 3.9
  • Campaign: hx318
  • Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks