General

  • Target

    42e06d3213f0d6aa88948aae99165f2b_JaffaCakes118

  • Size

    982KB

  • Sample

    240713-xa2qvsvcrb

  • MD5

    42e06d3213f0d6aa88948aae99165f2b

  • SHA1

    9752c143519d8d17276f9da4e338fb9580f3c727

  • SHA256

    7ffcfe208773bc49ef7a0e832fe117592b8eaf83484ebc9cfe9c64eb354aadec

  • SHA512

    10d2bd239e2e019633af58e006d3d9084d6d1128742174dc729a8480b40e2e867cb2ab80c2a9b432fe959ecf294f203449f65b9d0e69ed967c2f1ef95a6d6860

  • SSDEEP

    24576:T77RYU6Z7iYtU+wkxB2ccN+Vrd9dgKUIU1mj:SRZ7iYtIvMpU1mj

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    t052

  • Decoy

    ladybug-learning.com

    unforgottenstory.com

    oldmopaiv.xyz

    natashaexim.com

    hannahmcelgunn.com

    retargetingmachines.info

    njoconline.com

    unicornlankadelivery.com

    giftkerala.com

    englishfordoctors.online

    schatzilandrvresort.com

    brujoisaac.com

    basiccampinggear.com

    escapees.today

    dgyxsy888.com

    stevebana.xyz

    mimozakebap.com

    ezdoff.com

    pluumyspalace.com

    shaoshanshan.com

Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
