General

  • Target

    d0c4f48f0b69ee5f08f7baf1460229ee_JaffaCakes118

  • Size

    1.4MB

  • Sample

    241207-fng5yatjhl

  • MD5

    d0c4f48f0b69ee5f08f7baf1460229ee

  • SHA1

    1da3fd441ec04d0207d020300168b3b83f16d8b5

  • SHA256

    085dd3415a1c0c601af338a15905c650935e18505e6ca71bf6ece1602bba19c3

  • SHA512

    79a9798dea5a819259b152742ef62046c634d3d0e7c27c7c9d58df642b03e5f5a801880ef6dddb7c684a7ee45082a88b6effb5a7fa51c7b74d0ef8a8c12f6c0f

  • SSDEEP

    24576:938hI5q8Bm8Mj/YoUOa9QQoehT2fXZvOi:u3HrjAowQihT2/

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

odse

Decoy


Targets

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook family

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
