General
-
Target
4169f0ada3f069e2fa0dbf561820d4b0_JaffaCakes118
-
Size
851KB
-
Sample
240729-mr5hzaydrf
-
MD5
4169f0ada3f069e2fa0dbf561820d4b0
-
SHA1
eb8e2217c6b667102c31d47bacb88a95e25f4a9b
-
SHA256
63d643f5f17f5e621ef22e4c05a5d92c519376d0043c0958284d34ae206c0161
-
SHA512
df70c99c4874ef4cbb8c1a251b69e087a1ccb486ba1c1c2a5035599a55da64b3662f722bb01901aecf204bbcfc2502d4c3306a1f83c695249305aa60d1432daf
-
SSDEEP
12288:y38ZC2jTIBwgM9poZThtKyx12lwLxog3rChBQhwIRP17YppIkNVnfnwhEgtY9:IfzBw3PotKWR9h3On6t10ppRNQt
Malware Config
Extracted
formbook
4.1
nm8
bloominggardening.com
uds261.com
kerrnightsky.com
1010cookstreet.net
futuremediaisnow.net
ordersinfoinq.com
bitcoinautomatictrade.com
thedreamsfreshet.com
jukjam.com
aerialc.com
strategiclearning.group
spitfind.guru
healthyteamhealthybusiness.com
willow-and-hill.com
gracioustouchintl.com
alwaysontimerecruiting.com
kufars.info
tennesseepaymentrelief.net
lojaim.com
sinantiseme.com
Targets
-
-
Target
4169f0ada3f069e2fa0dbf561820d4b0_JaffaCakes118
-
Size
851KB
-
MD5
4169f0ada3f069e2fa0dbf561820d4b0
-
SHA1
eb8e2217c6b667102c31d47bacb88a95e25f4a9b
-
SHA256
63d643f5f17f5e621ef22e4c05a5d92c519376d0043c0958284d34ae206c0161
-
SHA512
df70c99c4874ef4cbb8c1a251b69e087a1ccb486ba1c1c2a5035599a55da64b3662f722bb01901aecf204bbcfc2502d4c3306a1f83c695249305aa60d1432daf
-
SSDEEP
12288:y38ZC2jTIBwgM9poZThtKyx12lwLxog3rChBQhwIRP17YppIkNVnfnwhEgtY9:IfzBw3PotKWR9h3On6t10ppRNQt
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Suspicious use of SetThreadContext
-