General

  • Target

    3d76b5c0f9611f01f44c3a74e1aebe69_JaffaCakes118

  • Size

    483KB

  • Sample

    240712-p57llathrm

  • MD5

    3d76b5c0f9611f01f44c3a74e1aebe69

  • SHA1

    e6c2986ec30242d93d85f47d1a9922d080e00ad2

  • SHA256

    720ffc99aa96c665aae27db46f776476c37ca113db207790579adfd81c73ad05

  • SHA512

    5014ee087f6a4ff56edeb80405e2d4e56928495b6f351ba27805f074c330b4f130b5228d00d31bfcf75102376c98cf643958aca8b1e00acafed0ace16513c39b

  • SSDEEP

    12288:UFda+Fda+EMYLysUN8dR6q5T2ComsZ4UyDZ0dOaAf:UEMkrdRLdho1aJd

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bf3

Decoy


Targets

    • Target

      3d76b5c0f9611f01f44c3a74e1aebe69_JaffaCakes118

    • Formbook

      Formbook is a data-stealing malware family.

    • Beds Protector Packer

      Detects the Beds Protector packer, which is used to load .NET malware.

    • Formbook payload

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15