General

  • Target

    40c9b68553716171b9a74fa2785cb160_JaffaCakes118

  • Size

    809KB

  • Sample

    240713-jj5bfsvaqb

  • MD5

    40c9b68553716171b9a74fa2785cb160

  • SHA1

    18ad06d12e92f1d7a61805d294bb2c5e048f3ec7

  • SHA256

    41f081bd505403ec94e9ad6cf6e496e5347482ee8cc64b7e2304ca52f286e236

  • SHA512

    fe3c76659fd0f274ae08c7c9de3dc81b7c573c4ed6cd051d55adda59c426a548901282ac33ae5661c2dfb4d48aa12e9c1ffd32f0b79c0422de94cc0fd2a44a46

  • SSDEEP

    12288:aXBQSnZl+lZbAy/TYTXSjQlXkKuTLXF3ONP5nJyuEBwQrA6iQQR6PcvHQ9:aX18bHTcXSjQlUtXF3wKwQMP

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wgn

Decoy


Targets

    • Target

      40c9b68553716171b9a74fa2785cb160_JaffaCakes118


    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks