General

  • Target

    53245472a694f3ad439287727b6de6f1_JaffaCakes118

  • Size

    243KB

  • Sample

    240717-qht8esscpq

  • MD5

    53245472a694f3ad439287727b6de6f1

  • SHA1

    e91a72d96fdd5edd30364034d743293af0fc888e

  • SHA256

    ea1c573cb646732f1c33cd0a4ce988e3c07e32d23ba8b69147904a9b86126e0e

  • SHA512

    829dff63a8d563451e5bb10e5e092cea73b65f06356462184ddddbd4ca028f56e3d377b8eaf45453170eeb4555697e2ab481a49c760b3b19fc18d5544795d555

  • SSDEEP

    3072:s4/x7UKhFLQQDxfTSEyaovphmd/h7u9q7vNkO0I7pOurg2f1o1BMwLk5nxpW:bx7UYLQQ9fTSAJu9q7eU1qXMwWxp

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c239

Decoy

shareourjesus.com

lavictoriaesdetodos.com

helpfulproductions.com

waggonerplastics.com

skipouya.com

everyoneshoroscope.com

winterstokeview.com

gutsyhomemakers.com

redstatesdigital.com

themacmeliusshow.com

beautybarnantucket.com

wearetwo-a.com

thenutritionessentialist.com

tapsiwadhwa.com

jundicompany.net

gobocawest.com

woodking.space

elegantap.com

2ndoss.info

ebay1111.com
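The following is an added example, not part of the sandbox report, showing how a responder would turn the extracted config above into matchable indicators: the four file hashes become a per-algorithm match check, and the decoy list becomes a DNS watchlist with a proper label-boundary match so that look-alike names do not false-positive. The resolver log line format, the log lines themselves, and the bytes hashed in the test are constructed for this example and are not from the report.

```python
"""Indicator matching for the Formbook config above (added example).

Assumptions not taken from the report: the DNS log line format matched by
DNS_LINE and the lines in SAMPLE_DNS_LOG are constructed for illustration.
"""
import hashlib
import re

# Hashes copied from the report.
REPORT_HASHES = {
    "md5": "53245472a694f3ad439287727b6de6f1",
    "sha1": "e91a72d96fdd5edd30364034d743293af0fc888e",
    "sha256": "ea1c573cb646732f1c33cd0a4ce988e3c07e32d23ba8b69147904a9b86126e0e",
    "sha512": "829dff63a8d563451e5bb10e5e092cea73b65f06356462184ddddbd4ca028f56e3d377b8eaf45453170eeb4555697e2ab481a49c760b3b19fc18d5544795d555",
}

# Domain list copied from the extracted config. Formbook pads its C2 list with
# decoys and only one entry is the live C2, so a hit here is low-confidence on
# its own and should be correlated with injection telemetry from the same host.
DECOY_DOMAINS = [
    "shareourjesus.com", "lavictoriaesdetodos.com", "helpfulproductions.com",
    "waggonerplastics.com", "skipouya.com", "everyoneshoroscope.com",
    "winterstokeview.com", "gutsyhomemakers.com", "redstatesdigital.com",
    "themacmeliusshow.com", "beautybarnantucket.com", "wearetwo-a.com",
    "thenutritionessentialist.com", "tapsiwadhwa.com", "jundicompany.net",
    "gobocawest.com", "woodking.space", "elegantap.com", "2ndoss.info",
    "ebay1111.com",
]


def hash_all(data):
    """Compute every digest the report lists so they can all be compared at once."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data):
    """Per-algorithm comparison against the report.

    All False: a different file (or a repacked build of the same family).
    Mixed True/False: one of the two hash records is wrong and needs rechecking.
    """
    computed = hash_all(data)
    return {algo: computed[algo] == REPORT_HASHES[algo].lower() for algo in REPORT_HASHES}


# Constructed resolver log format: "... query: <qname> IN A ..."
DNS_LINE = re.compile(r"query: (?P<qname>[A-Za-z0-9.-]+)\.? ")


def registered_domain_match(qname, watchlist):
    """Return the watchlist entry that qname equals or is a subdomain of.

    The "." + dom boundary check is what stops notebay1111.com from
    matching ebay1111.com.
    """
    q = qname.lower().rstrip(".")
    for dom in watchlist:
        if q == dom or q.endswith("." + dom):
            return dom
    return None


def dns_hits(log_lines, watchlist=DECOY_DOMAINS):
    """Scan resolver log lines; return (line_no, qname, matched_domain) tuples."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = DNS_LINE.search(line)
        if not m:
            continue
        matched = registered_domain_match(m.group("qname"), watchlist)
        if matched:
            hits.append((n, m.group("qname"), matched))
    return hits


SAMPLE_DNS_LOG = [  # constructed for this example
    "client 10.0.0.5#51234: query: www.shareourjesus.com IN A +",
    "client 10.0.0.5#51240: query: update.microsoft.com IN A +",
    "client 10.0.0.7#51301: query: ebay1111.com IN A +",
    "client 10.0.0.7#51302: query: notebay1111.com IN A +",
]

if __name__ == "__main__":
    for hit in dns_hits(SAMPLE_DNS_LOG):
        print("DNS watchlist hit:", hit)
    print("hash match:", matches_report(b"not the real sample"))
```

Because the live C2 is hidden among decoys, a single DNS hit should raise the host for triage rather than trigger containment by itself; a block on the whole list would also cut off the legitimate sites the decoys are drawn from.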

Targets

    • Target

      53245472a694f3ad439287727b6de6f1_JaffaCakes118

    • Size

      243KB

    • MD5

      53245472a694f3ad439287727b6de6f1

    • SHA1

      e91a72d96fdd5edd30364034d743293af0fc888e

    • SHA256

      ea1c573cb646732f1c33cd0a4ce988e3c07e32d23ba8b69147904a9b86126e0e

    • SHA512

      829dff63a8d563451e5bb10e5e092cea73b65f06356462184ddddbd4ca028f56e3d377b8eaf45453170eeb4555697e2ab481a49c760b3b19fc18d5544795d555

    • SSDEEP

      3072:s4/x7UKhFLQQDxfTSEyaovphmd/h7u9q7vNkO0I7pOurg2f1o1BMwLk5nxpW:bx7UYLQQ9fTSAJu9q7eU1qXMwWxp

    • Formbook

      Formbook is an information stealer: it logs keystrokes, grabs credentials and form submissions from browsers and mail clients, captures the clipboard and screenshots, and exfiltrates them over HTTP. It runs injected into a legitimate Windows process rather than from its own executable, and its configuration carries a long list of domains of which only one is the live C2; the rest are decoys that the bot also contacts, so the domains above should not be treated as equally malicious.

    • Formbook payload

      Signature hit: the unpacked Formbook payload was identified in memory; the extracted configuration above (family, version, campaign, decoy list) comes from this payload.

    • Suspicious use of SetThreadContext

      SetThreadContext redirects the entry point of a thread in another process. Preceded by a process created suspended and a write into its address space, and followed by ResumeThread, it is the process-hollowing sequence commonly used by Formbook loaders to run the payload inside a legitimate process; on its own the call is also made by debuggers, so the detection value is in the sequence, not the single API.
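As an added example (not from the report or the sandbox's own signature), the check below encodes the process-hollowing sequence behind a "Suspicious use of SetThreadContext" hit as detection logic over an API trace: a child created with CREATE_SUSPENDED, a write into its address space, SetThreadContext, then ResumeThread, all from the same source to the same target. The trace records and their field names are constructed for this example and are not a real sandbox or EDR schema; the benign entries show why the single API call is not enough.

```python
"""Process-hollowing sequence detector over API-call telemetry (added example).

The event schema (dicts with api / pid / target_pid / args) and the trace in
SAMPLE_TRACE are constructed for illustration, not a real product's format.
"""

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Any of these can supply the "write payload into the target" step.
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory", "NtMapViewOfSection"}


def find_hollowing(events):
    """Return (source_pid, target_pid) pairs where the full sequence occurred in order.

    Stages per (source, target):
      1 = target created suspended by source
      2 = source wrote into target
      3 = source set a thread context in target
    ResumeThread at stage 3 completes the pattern; at any other stage it is
    a launcher resuming a child it merely configured, which is benign.
    """
    stage = {}
    findings = []
    for ev in events:
        api, src, tgt = ev["api"], ev["pid"], ev.get("target_pid")
        key = (src, tgt)
        if api == "CreateProcessW":
            if ev.get("args", {}).get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                stage[key] = 1
        elif api in WRITE_APIS and stage.get(key) == 1:
            stage[key] = 2
        elif api == "SetThreadContext" and stage.get(key) == 2:
            stage[key] = 3
        elif api == "ResumeThread":
            if stage.pop(key, None) == 3:
                findings.append(key)
    return findings


SAMPLE_TRACE = [  # constructed for this example
    # Loader spawns svchost.exe suspended, hollows it, repoints the thread, resumes.
    {"api": "CreateProcessW", "pid": 1000, "target_pid": 2000,
     "args": {"lpApplicationName": "C:\\Windows\\System32\\svchost.exe",
              "dwCreationFlags": CREATE_SUSPENDED}},
    {"api": "NtUnmapViewOfSection", "pid": 1000, "target_pid": 2000, "args": {}},
    {"api": "WriteProcessMemory", "pid": 1000, "target_pid": 2000, "args": {"nSize": 0x3C000}},
    {"api": "SetThreadContext", "pid": 1000, "target_pid": 2000, "args": {}},
    {"api": "ResumeThread", "pid": 1000, "target_pid": 2000, "args": {}},
    # Benign: a launcher creates a child suspended (e.g. to assign a job object) and resumes it.
    {"api": "CreateProcessW", "pid": 3000, "target_pid": 3001,
     "args": {"dwCreationFlags": CREATE_SUSPENDED}},
    {"api": "ResumeThread", "pid": 3000, "target_pid": 3001, "args": {}},
    # Benign: a debugger sets the context of a thread in a process it did not spawn.
    {"api": "SetThreadContext", "pid": 4000, "target_pid": 4100, "args": {}},
    {"api": "ResumeThread", "pid": 4000, "target_pid": 4100, "args": {}},
]

if __name__ == "__main__":
    for src, tgt in find_hollowing(SAMPLE_TRACE):
        print(f"process hollowing: pid {src} -> pid {tgt}")
```

The ordering requirement is the point: SetThreadContext or a suspended CreateProcess alone is routine for debuggers and launchers, while the four steps in sequence between one source and one target are rarely anything but injection. Loaders that use direct syscalls or NtSetContextThread bypass the user-mode API names used here, so the same sequence should also be checked at the kernel or ETW level where available.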

MITRE ATT&CK Matrix

Tasks