General

  • Target

    78f998a3e27a3a76480d4bc25cd37286_JaffaCakes118

  • Size

    908KB

  • Sample

    241028-lpghpawfjp

  • MD5

    78f998a3e27a3a76480d4bc25cd37286

  • SHA1

    07f330e5da999ce439450c5dbfa518fd5f754ed3

  • SHA256

    7209a5aa4814e2f82aace6de499f4da7911c19bf06f5e12fd302806ecc2a67bd

  • SHA512

    8510bd628cc871c9e05b9ecbd856557b86e6e9538105104c5ecfeba163395e7bc564f563259a96e73d88c07462329da6fa98d5878a89508e310649ed613a0d7d

  • SSDEEP

    12288:OlV9bJky5TzU2ai6D3h0kaHHM7wD0Pu0sIPWfZ4OU8I3/sBIjL8DPH:OUaai6DbanhUHFrWccPH

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    glgd

  • Decoy


Targets

    • Formbook

      Formbook is data-stealing malware.

    • Formbook family

    • Formbook payload

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks