General

  • Target

    d2e0695f6f0e579c99b06442caad21ae_JaffaCakes118

  • Size

    902KB

  • Sample

    241207-rlc9raznbn

  • MD5

    d2e0695f6f0e579c99b06442caad21ae

  • SHA1

    a6b18219427005938b989cc295ce15797e12b50a

  • SHA256

    930ca41592c497666685d31cebd2afc885706bdad347e102a039015802d05bef

  • SHA512

    94341063e488102f8e15c56f8482e4f46a834b4495beeb2d9465d674a7ffc7b54252ddddf26543ad8053a5cc82d3c61c6002b72b6cd8cb796580ef225c00adc5

  • SSDEEP

    12288:O/Ev0VbMM6n29iHK7zWHN1ScXK2zVl+9j2N5+8AdyFs1Ybab/hog6J49ZU3h59R:6BkSh81G2JRPcYbatFaIqJR

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vd9n

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware family that harvests data from the infected host.

    • Formbook family

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, a likely geofencing check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks