General
-
Target
JaffaCakes118_55c9f0f7b5c964be1b285bbef1ebf6774ea62700857e2d68278a991469899e06
-
Size
133KB
-
Sample
241221-yw1w5aylbv
-
MD5
b95ff827e43b4f51723ea5d3e44b3ff4
-
SHA1
ccf361c5e09d43540d0eb35ad981affccd536ae5
-
SHA256
55c9f0f7b5c964be1b285bbef1ebf6774ea62700857e2d68278a991469899e06
-
SHA512
39729c642865e36b5c67c611f267a18e5d03a0b0c5346d1d8f1792be615f7e1605edfc9f39219092bc455e3773fe9232a1531f2b6e7e938683983b078ed72bef
-
SSDEEP
3072:rln/DrL898xyh6u2fliCNtd7i9tN0moPlmN9bJoz:rVW8cgu29iCND7i9tum0EJoz
Malware Config
Extracted
formbook
4.1
ga4
rivercitygoldens.com
seattlebarkery.com
jxsxdb.com
bet365o1.com
mynexthomedfw.com
scheduleyourintentions.com
vestingfacts.com
angelicasanchezpsicologa.com
constructorariedel.com
myabron.com
askthepotato.com
cuscases.com
dlrioata.com
ilikecircles.com
teamsters401kupsplan.com
79dzb.com
simoneventpros.com
cloversonglyrics.com
intansuper.com
gamefacesydney.com
Targets
-
-
Target
fb.bin
-
Size
181KB
-
MD5
93918c623317234901e5846540f3a43d
-
SHA1
a5b49aea492de5430b09fa6c1e07a43a28c92b9d
-
SHA256
8b23c3ddd235c8708c47bf3eec883a6f8ec12656680648400cb4733d9a14e762
-
SHA512
c85af20af3aaabc9dd0e7da5b6dabb923d02c29360b8edd9ce31199311b9723f59a5ba13cf344f5891f4a691f6759954de11c12c5005cc80a9eb87567c274153
-
SSDEEP
3072:TDhzK7wjZWfpsOjxl47KVrK6IUxg2ELN/pP8tGzb4JHg:fhEwYNxy7erK6IUhCt2kzb4JH
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-