General

  • Target

    640a5a69bb8bad401d53decd4cc8ca20_JaffaCakes118

  • Size

    428KB

  • Sample

    240521-vehsfacd3s

  • MD5

    640a5a69bb8bad401d53decd4cc8ca20

  • SHA1

    01fa7024fd76ca92eccc565e2c393048b3f11c51

  • SHA256

    67f8ad3999ae43679f67d54be1fd73f0a009b0509f7284ad0ad726615e83e139

  • SHA512

    32b59acacd1ada2c488a91130e28196556687e4b5fb41b46b959ff25ef7cb2ad6e2f77d37a53eadb0b9823bb084547bff841e3d4e47b56491e5fd26ac2cc66f3

  • SSDEEP

    6144:EwuOFkQsk7HjHaPnjsxnxoZunk+dbRyPEIBSSh4a5yZQlgy85iA2p07ybCx7XtnC:MQsk7+LI5RCzjTSybyXZ

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

h313

Decoy

kudaspb.info

riven.market

strictlyafricanjapan.win

moresisebank.com

lugg14141.com

musictravelbar.com

snip-store.net

mnum2.com

inevitably.ltd

topskin-care.live

chinasmokingglass.com

milkmuuske.com

gadology.com

lntoken.com

wxtusugangguan.com

freetraffic2upgradeall.review

myhumblenode.com

otodo.site

ryden-mckenna-ltd.com

diminishedunison.com
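Formbook embeds its real C2 host among a list of decoy domains, so every entry above is worth treating as an indicator. The following is an added example, not part of the sandbox report: it takes the hashes and decoy domains from this report and matches them against resolver and EDR log lines. The log lines and their `query=` / `sha256=` field layout are constructed for the demo and are an assumption about your log format.

```python
"""Check DNS and EDR log lines against the IOCs extracted in this report.

Added example for this page; hashes and decoy domains are copied from the
report, the log lines and their field layout are constructed for the demo.
"""
import re

# File hashes of the analysed sample, copied from the report above.
SAMPLE_HASHES = {
    "md5": "640a5a69bb8bad401d53decd4cc8ca20",
    "sha1": "01fa7024fd76ca92eccc565e2c393048b3f11c51",
    "sha256": "67f8ad3999ae43679f67d54be1fd73f0a009b0509f7284ad0ad726615e83e139",
    "sha512": "32b59acacd1ada2c488a91130e28196556687e4b5fb41b46b959ff25ef7cb2ad"
              "6e2f77d37a53eadb0b9823bb084547bff841e3d4e47b56491e5fd26ac2cc66f3",
}
KNOWN_HASHES = set(SAMPLE_HASHES.values())

# Decoy list from the extracted Formbook config. Formbook hides its real C2
# among decoys, so every domain here is treated as an indicator.
DECOY_DOMAINS = {
    "kudaspb.info", "riven.market", "strictlyafricanjapan.win",
    "moresisebank.com", "lugg14141.com", "musictravelbar.com",
    "snip-store.net", "mnum2.com", "inevitably.ltd", "topskin-care.live",
    "chinasmokingglass.com", "milkmuuske.com", "gadology.com", "lntoken.com",
    "wxtusugangguan.com", "freetraffic2upgradeall.review", "myhumblenode.com",
    "otodo.site", "ryden-mckenna-ltd.com", "diminishedunison.com",
}

# Constructed log lines (not from the report): a resolver log with
# "query=<name>" fields and an EDR file event carrying a sha256.
SAMPLE_LOGS = [
    "2024-05-21T10:02:11Z dns client=10.0.0.21 query=www.kudaspb.info. type=A",
    "2024-05-21T10:02:12Z dns client=10.0.0.21 query=mail.example.com. type=A",
    "2024-05-21T10:02:13Z dns client=10.0.0.21 query=RIVEN.MARKET type=A",
    "2024-05-21T10:02:14Z dns client=10.0.0.21 query=notriven.market type=A",
    "2024-05-21T10:03:00Z edr host=WS01 event=file_create "
    "sha256=67f8ad3999ae43679f67d54be1fd73f0a009b0509f7284ad0ad726615e83e139 "
    "path=C:\\Users\\u\\AppData\\Local\\Temp\\inv.exe",
]

HEX_RE = re.compile(r"\b[0-9a-fA-F]{32,128}\b")   # md5 .. sha512 lengths
QUERY_RE = re.compile(r"\bquery=(\S+)")


def normalize_domain(name):
    """Lower-case and drop the trailing dot a resolver log may keep."""
    return name.lower().rstrip(".")


def domain_matches(query, iocs):
    """Return the IOC that `query` equals or is a subdomain of, else None.

    Label-wise matching avoids substring false positives such as
    'notriven.market' against 'riven.market'.
    """
    labels = normalize_domain(query).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_line(line):
    """Return [(kind, ioc), ...] for every indicator found in one log line."""
    hits = []
    m = QUERY_RE.search(line)
    if m:
        d = domain_matches(m.group(1), DECOY_DOMAINS)
        if d:
            hits.append(("domain", d))
    for h in HEX_RE.findall(line):
        if h.lower() in KNOWN_HASHES:
            hits.append(("hash", h.lower()))
    return hits


def scan_logs(lines):
    """Return [(line_number, hits)] for lines that contain at least one IOC."""
    results = []
    for lineno, line in enumerate(lines, 1):
        hits = scan_line(line)
        if hits:
            results.append((lineno, hits))
    return results


if __name__ == "__main__":
    for lineno, hits in scan_logs(SAMPLE_LOGS):
        print(f"line {lineno}: {hits}")
```

Matching is done per DNS label rather than by substring, so a lookup for `www.kudaspb.info.` is flagged while `notriven.market` is not; hash matching is case-insensitive and length-bounded so that timestamps and short IDs are never compared against the known set.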

Targets

    • Target

      640a5a69bb8bad401d53decd4cc8ca20_JaffaCakes118

    • Size

      428KB

    • MD5

      640a5a69bb8bad401d53decd4cc8ca20

    • SHA1

      01fa7024fd76ca92eccc565e2c393048b3f11c51

    • SHA256

      67f8ad3999ae43679f67d54be1fd73f0a009b0509f7284ad0ad726615e83e139

    • SHA512

      32b59acacd1ada2c488a91130e28196556687e4b5fb41b46b959ff25ef7cb2ad6e2f77d37a53eadb0b9823bb084547bff841e3d4e47b56491e5fd26ac2cc66f3

    • SSDEEP

      6144:EwuOFkQsk7HjHaPnjsxnxoZunk+dbRyPEIBSSh4a5yZQlgy85iA2p07ybCx7XtnC:MQsk7+LI5RCzjTSybyXZ

    • Formbook

      Formbook is an information-stealing malware family (a form grabber): it hooks browsers and other applications to capture submitted form data and credentials, and additionally supports keylogging, clipboard monitoring and screenshot capture on operator command.

    • Formbook payload

    • Suspicious use of SetThreadContext (rewriting another thread's context so execution resumes in injected code; a common process-hollowing and injection indicator)
