General

  • Target

    b58faebe1453acc289bfd688688e2474_JaffaCakes118

  • Size

    612KB

  • Sample

    240822-aak2sa1fql

  • MD5

    b58faebe1453acc289bfd688688e2474

  • SHA1

    730b350d9365074bcce398290a8c620c68209290

  • SHA256

    1ec5aeccf89c5d7a378e443e742e37f05a2aa7cb71150ee0ca4876c6b37d7b4d

  • SHA512

    bc6c24e85f9cdad6405ed187c689e21461916e85b12822027d1dcc87eeb1403154ba984cfcbc69fe812529f530561cbb9e3376fab7795ce1fc32e8883daa2ff5

  • SSDEEP

    12288:Gmc51xGbhjB4pDHfx1TmIgzLivEv+Sbv6Xyq+mOnGrthsZJCVG:GhvGr4pzff3gN1O6mOM6G

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

bft

Decoy

edenicities.com

buntingfordhomeservices.com

nuanceproducoes.com

divasinspire.com

capiturn.com

zbjsn.com

thegioicaytrongnha.com

featherventure.com

onbrandtrading.com

sanguoban.com

doorman.pro

ourhomie.net

iwassickonholiday.com

mrcskin.com

reallycoolmask.com

tkrbeautyinstitut.com

keytomiami.com

sesliduybeni.com

asherwebber.com

starkweatherwindows.net
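The decoy list above is the useful part of the extracted config for defenders: a Formbook 4.1 bot contacts the decoys as well as its single live C2, so every domain in the list is a network indicator, even though the report does not say which one is real. Added example (not part of this report and not code from the sample): a small Python IOC matcher that loads the domains and hashes above, scans log lines for hosts that equal or are subdomains of a listed domain, and checks a file digest against the sample hashes. The log lines and their field layout are constructed for the demo.

```python
"""IOC matcher for the Formbook 4.1 ("bft") config above.

Added example, not part of the sandbox report. Domains and hashes are copied
from the report; the log lines below are constructed for the demo.
"""
import hashlib
import re
from typing import Iterable, List, Optional, Tuple

# Decoy/C2 domain list from the extracted config. Only one is the live C2,
# but the bot also sends traffic to the decoys, so all are worth alerting on.
DECOY_DOMAINS = {
    "edenicities.com", "buntingfordhomeservices.com", "nuanceproducoes.com",
    "divasinspire.com", "capiturn.com", "zbjsn.com", "thegioicaytrongnha.com",
    "featherventure.com", "onbrandtrading.com", "sanguoban.com", "doorman.pro",
    "ourhomie.net", "iwassickonholiday.com", "mrcskin.com", "reallycoolmask.com",
    "tkrbeautyinstitut.com", "keytomiami.com", "sesliduybeni.com",
    "asherwebber.com", "starkweatherwindows.net",
}

# File hashes of the sample from the report header.
SAMPLE_HASHES = {
    "md5": "b58faebe1453acc289bfd688688e2474",
    "sha1": "730b350d9365074bcce398290a8c620c68209290",
    "sha256": "1ec5aeccf89c5d7a378e443e742e37f05a2aa7cb71150ee0ca4876c6b37d7b4d",
}

# Pulls candidate hostnames out of free-form log text (bare hosts or URLs).
_HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def matched_domain(host: str) -> Optional[str]:
    """Return the listed domain that `host` equals or is a subdomain of."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the full host down to the registrable domain; stop before
    # the bare TLD so "com" alone can never match.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DECOY_DOMAINS:
            return candidate
    return None


def scan_log(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line_no, host, listed_domain) for every line with a hit."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        for host in _HOST_RE.findall(line):
            listed = matched_domain(host)
            if listed:
                hits.append((line_no, host.lower(), listed))
                break  # one hit per line is enough for an alert
    return hits


def is_known_sample(digest: str) -> bool:
    """True if a hex digest (any of md5/sha1/sha256) is this sample."""
    return digest.lower() in SAMPLE_HASHES.values()


def digest_matches(data: bytes) -> Optional[str]:
    """Hash file contents and report which algorithm matched, if any."""
    for algo, expected in SAMPLE_HASHES.items():
        if hashlib.new(algo, data).hexdigest() == expected:
            return algo
    return None


# Constructed log lines for the demo (not real telemetry). Line 4 is a
# near-miss: "notasanguoban.com" is not a subdomain of "sanguoban.com".
SAMPLE_LOG = [
    "2024-08-22T10:01:02Z dns query A www.edenicities.com client=10.0.0.5",
    "2024-08-22T10:01:03Z dns query A update.microsoft.com client=10.0.0.5",
    "2024-08-22T10:01:09Z proxy GET http://capiturn.com/ client=10.0.0.5",
    "2024-08-22T10:01:11Z dns query A notasanguoban.com client=10.0.0.5",
]

if __name__ == "__main__":
    for line_no, host, listed in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {host} -> listed domain {listed}")
```

Subdomain matching is deliberate: the report lists registrable domains, while real DNS and proxy logs usually show a host such as `www.edenicities.com`. Matching is label-based rather than substring-based so that a lookalike like `notasanguoban.com` does not fire.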

Targets

    • Target

      b58faebe1453acc289bfd688688e2474_JaffaCakes118

    • Size

      612KB

    • MD5

      b58faebe1453acc289bfd688688e2474

    • SHA1

      730b350d9365074bcce398290a8c620c68209290

    • SHA256

      1ec5aeccf89c5d7a378e443e742e37f05a2aa7cb71150ee0ca4876c6b37d7b4d

    • SHA512

      bc6c24e85f9cdad6405ed187c689e21461916e85b12822027d1dcc87eeb1403154ba984cfcbc69fe812529f530561cbb9e3376fab7795ce1fc32e8883daa2ff5

    • SSDEEP

      12288:Gmc51xGbhjB4pDHfx1TmIgzLivEv+Sbv6Xyq+mOnGrthsZJCVG:GhvGr4pzff3gN1O6mOM6G

    • Formbook

      Formbook is an information-stealing malware family: it logs keystrokes, grabs form data and credentials from browsers and mail clients, captures clipboard contents and screenshots, and reports to a C2 hidden among a list of decoy domains.

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that decides whether the sample runs in this locale.

    • Suspicious use of SetThreadContext

      Redirects the execution context of a thread in another process, the usual mechanism of process hollowing and other code injection.

MITRE ATT&CK Enterprise v15

Tasks