General
-
Target
6718b469b6916b6d72a29ed23e6eda52_JaffaCakes118
-
Size
396KB
-
Sample
240522-nkffyach57
-
MD5
6718b469b6916b6d72a29ed23e6eda52
-
SHA1
ff778f57acdaa1ec9e467e562028e84d66e4fa3f
-
SHA256
3400e42731d3737a64af32e4ce085979807a70aaa7e7a9137de73f2b738daa1c
-
SHA512
66d8a389becf11c7cf76757b9fc0b11b44a9922eb2947997e5ec7935fd57f83032311c8a831f471f497aa70c616a24a1a8fcc2a7497adcfc7c075a48c5e73189
-
SSDEEP
6144:4VL0nt7DmqFVXJ/sRw5bdKeHrlfxvpszSbSRKDA2bPhleIq:OuxXJ/sRw5dKeLfCzSBThle
Malware Config
Extracted
formbook
3.9
h362
optimisticit.com
vuoto-visual.com
therealestatecenter.info
buckluvinpearlgirl2018.com
thecutfactoryso.com
healthyminde.com
remitandswitch.com
oregonawaits.info
sidesteem.com
dopper2018.net
villacoquito.com
theartofrecieving.com
fake-kevin-domain-fake123.com
adlibexeclodge.com
web-chops.com
darkflamearchives.com
mobileappsdirectnow.com
krismartinpr.com
visorsports.com
gisaeng.net
Targets
-
-
Target
6718b469b6916b6d72a29ed23e6eda52_JaffaCakes118
-
Size
396KB
-
MD5
6718b469b6916b6d72a29ed23e6eda52
-
SHA1
ff778f57acdaa1ec9e467e562028e84d66e4fa3f
-
SHA256
3400e42731d3737a64af32e4ce085979807a70aaa7e7a9137de73f2b738daa1c
-
SHA512
66d8a389becf11c7cf76757b9fc0b11b44a9922eb2947997e5ec7935fd57f83032311c8a831f471f497aa70c616a24a1a8fcc2a7497adcfc7c075a48c5e73189
-
SSDEEP
6144:4VL0nt7DmqFVXJ/sRw5bdKeHrlfxvpszSbSRKDA2bPhleIq:OuxXJ/sRw5dKeLfCzSBThle
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Suspicious use of SetThreadContext
-