General
-
Target
c7a30945ff76cf5e44be926589ad132a_JaffaCakes118
-
Size
281KB
-
Sample
240828-zq7yxswanb
-
MD5
c7a30945ff76cf5e44be926589ad132a
-
SHA1
370fe0640a5ad3fbd6d43a191a54c5b216e26f85
-
SHA256
9061caadfa15767ca0cd66ce193a074f003948acc0502400ce75c73086c2f49a
-
SHA512
0103b151860ac485da1d07439afefe3062fc9b8ca58111817fe584340adbe73bcfae648125719bc729586c19b9df0390738e600594b389f5971b9625913befb8
-
SSDEEP
6144:93oZd7FqsBHxguKD/EczgmtRNuB2kZhYOvx7Lcr8+hE:93oZLqMHxw/1gmtnucaYcdwh
Malware Config
Extracted
formbook
3.9
kg50
customlasercutter.com
greenworldnursery.net
baltess.com
tanabatahotel.com
pinfang168.com
vakunda.com
gravityassistmaneuver.com
diyuntong.com
brnthz.info
carclubmail.com
gnkye.info
bfclady.com
starboard-realtty.com
guenstig-potenzdoktor.win
qc746g.biz
aplfinder.com
self-serviceshop.com
contenderwrestlingclub.com
jess-tures.com
themorningchannel.com
Targets
-
-
Target
c7a30945ff76cf5e44be926589ad132a_JaffaCakes118
-
Size
281KB
-
MD5
c7a30945ff76cf5e44be926589ad132a
-
SHA1
370fe0640a5ad3fbd6d43a191a54c5b216e26f85
-
SHA256
9061caadfa15767ca0cd66ce193a074f003948acc0502400ce75c73086c2f49a
-
SHA512
0103b151860ac485da1d07439afefe3062fc9b8ca58111817fe584340adbe73bcfae648125719bc729586c19b9df0390738e600594b389f5971b9625913befb8
-
SSDEEP
6144:93oZd7FqsBHxguKD/EczgmtRNuB2kZhYOvx7Lcr8+hE:93oZLqMHxw/1gmtnucaYcdwh
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-