General

  • Target

    391975e669d455f1adecc5ca6a60f66a_JaffaCakes118

  • Size

    630KB

  • Sample

    240711-pky4qaydkg

  • MD5

    391975e669d455f1adecc5ca6a60f66a

  • SHA1

    727851ce8c287a4c080994f891ed78352cc93b8e

  • SHA256

    c76a77d2c81deab2fda96cc7cfcd42ca3886522b254ab6fa7448c7db8692e00a

  • SHA512

    6629176a34216a678bfc8c4bb24056fc03e8a6c4a5d1314ec8f2d5b156cb0610a3eba666c3a3a5ef95964e54d00b83a41d937e038ba5270adec3dd3830468ec8

  • SSDEEP

    12288:6MzAvm9T+nin+nin+ni3AqeFsfWNhRaNoLDSFI3cFHh20QL+niu:6aAO9T+in+in+iQNsfWnL2FucFg+i

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

Decoy


Targets

    • Target

      391975e669d455f1adecc5ca6a60f66a_JaffaCakes118

    • Size

      630KB

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
