General

  • Target

    da1e2b1e058691ca583201401aeb7347_JaffaCakes118

  • Size

    926KB

  • Sample

    241209-r1zras1kgt

  • MD5

    da1e2b1e058691ca583201401aeb7347

  • SHA1

    50d4655dc22914393bd2b0aeb1855748d3f541dd

  • SHA256

    03e5bebad534a6061452af4f7b266bf214e8ad97f6d51d683378360f1351da30

  • SHA512

    c6e5d1e1a297ce52c6aed0c3f5fdd85440a283718668bd7e7d1240a0c05dcb6c3169af93a6510823948dd3263a4be81ea539a59a4bb0f84ad2eb8b6bcdc668fd

  • SSDEEP

    12288:l95TtEG4QkBZAVmMxrw9XybwhdkbXt0KzxALmhfg564V5H4nnUgmEy/7+WpDoYKD:lGJvMxrwrcXt01t

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e7hf

Decoy

miaozhunjingzhijia.com

mindplayva.com

vbetturkey.com

panevnyk.space

philiprankinemarketing.com

rosascleaningpros.com

nadersadek.info

2of237woodlandstreet.com

thegroomingdrs.com

cloudtrending.com

viajenscomcafe.com

medkomp.online

hohlola.com

ksremy.com

watermarkwpb.com

work4villageinn.com

pollmag.com

organizingbypaty.com

awakenwithrochelle.com

walcottstreetdental.site

Targets

    • Target

      da1e2b1e058691ca583201401aeb7347_JaffaCakes118

    • Size

      926KB

    • MD5

      da1e2b1e058691ca583201401aeb7347

    • SHA1

      50d4655dc22914393bd2b0aeb1855748d3f541dd

    • SHA256

      03e5bebad534a6061452af4f7b266bf214e8ad97f6d51d683378360f1351da30

    • SHA512

      c6e5d1e1a297ce52c6aed0c3f5fdd85440a283718668bd7e7d1240a0c05dcb6c3169af93a6510823948dd3263a4be81ea539a59a4bb0f84ad2eb8b6bcdc668fd

    • SSDEEP

      12288:l95TtEG4QkBZAVmMxrw9XybwhdkbXt0KzxALmhfg564V5H4nnUgmEy/7+WpDoYKD:lGJvMxrwrcXt01t

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook family

    • Formbook payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks