General

  • Target

    5b1dc171e1cebd41113026efeb2b4706_JaffaCakes118

  • Size

    475KB

  • Sample

    240719-j2yavs1arr

  • MD5

    5b1dc171e1cebd41113026efeb2b4706

  • SHA1

    de8b4d1cab6c5e7128ca0be64a6d4530bb9fccb9

  • SHA256

    39287814ea3564466041ba0be1636e7230e45c5126a41fd9d0ac30f0eb62a942

  • SHA512

    2de687ea39cf8b15454c624b506098fbe41621c1e4d1b6064703695781b8018151f761443c9b7bd041af46ebc69ebf6c1c110e91eab9511b554e78aa22ffbae3

  • SSDEEP

    12288:uKvyiDLe0/VgJkVRCcs6hKoXL6gFw1QheAk6o82Osa7SagnpaihxVKyc:uKZ20hb91o8Dsa7/MBhxB

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

xle

Decoy

Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook payload

    • Suspicious use of SetThreadContext
