General

  • Target

    e8df56933dc6b29f0a0aeebb682b6ca2_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241212-3v7qha1qhv

  • MD5

    e8df56933dc6b29f0a0aeebb682b6ca2

  • SHA1

    e812c2bb3b17466886c947bbf4859685d9931f91

  • SHA256

    5fe669ecbc820aa52d3fb572b96b7c1cadad169da50cf1a67d4268cd917b041e

  • SHA512

    5a0baabb1d2c3fd643a04394aefead9cc5360fbd0864e6f6fcc3edbcc042b917dfc3a323bb6d31d81999a40d61f22dbe4efdb0e80b7c01bba5c5a7f154650561

  • SSDEEP

    12288:CC9lmw2iN4yXCyWYXjFofiV6OaQNB/76NQAQbUL6Njg5WHo+b7:d1PXCyLFoKUQNB/qKbUL6Nmwo+X

Malware Config

Extracted

  • Family

    formbook

  • Version

    4.1

  • Campaign

    vd9n

  • Decoy

    theunwrappedcollective.com
    seckj-ic.com
    tyresandover.com
    thetrophyworld.com
    fonggrconstruction.com
    hopiproject.com
    sktitle.com
    charlotteobscurer.com
    qjuhe.com
    girlzglitter.com
    createmylawn.com
    hempcbgpill.com
    zzdfdzkj.com
    shreehariessential.com
    226sm.com
    getcupscall.com
    neuralviolin.com
    sanskaar.life
    xn--fhqrm54yyukopc.com
    togetherx4fantasy5star.today

Targets

    • Target

      e8df56933dc6b29f0a0aeebb682b6ca2_JaffaCakes118

    • Size

      1.1MB

    • MD5

      e8df56933dc6b29f0a0aeebb682b6ca2

    • SHA1

      e812c2bb3b17466886c947bbf4859685d9931f91

    • SHA256

      5fe669ecbc820aa52d3fb572b96b7c1cadad169da50cf1a67d4268cd917b041e

    • SHA512

      5a0baabb1d2c3fd643a04394aefead9cc5360fbd0864e6f6fcc3edbcc042b917dfc3a323bb6d31d81999a40d61f22dbe4efdb0e80b7c01bba5c5a7f154650561

    • SSDEEP

      12288:CC9lmw2iN4yXCyWYXjFofiV6OaQNB/76NQAQbUL6Njg5WHo+b7:d1PXCyLFoKUQNB/qKbUL6Nmwo+X

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook family

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks