General

  • Target

    4105b6a32b90180cd3dfe3c359061f46_JaffaCakes118

  • Size

    956KB

  • Sample

    240713-kwsc4awhng

  • MD5

    4105b6a32b90180cd3dfe3c359061f46

  • SHA1

    ea131838d1e1ed495d75c76b956c790f071e002e

  • SHA256

    3f1f0dce8eb0b1a98912a8c08208c5d4425e013e20719aca1d14ca4924f841c6

  • SHA512

    c7c039b347b1a1a0d63d3ab81a3024d7f7bd669325e341bf27d0b62960ddbd56f17b836e98d9cb78ce6feaaf1a7160d1613a4e57d634a712ee28a21683215bbb

  • SSDEEP

    12288:fO4jeQ5jsruJH+ReJqvqfLRXwK4+HNONnvsyl5RODp2K046Mnq0UnsO5lJkKzUva:2HXRYFphm9vFrPMOiPRVZIRfBiBk

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rf3t

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks