General
-
Target
JaffaCakes118_b25586519bcbe317ffc766468e0d7d5e05a566d0ceb12def074a0816440f1d96
-
Size
241KB
-
Sample
241222-m499zsvrbw
-
MD5
47bf059e9f59a0b5585a28966c8d34f3
-
SHA1
4056964286dc128174c9a81cdd3e3bcec9289f00
-
SHA256
b25586519bcbe317ffc766468e0d7d5e05a566d0ceb12def074a0816440f1d96
-
SHA512
9f17bb2c189694151d2eb874a413c973b4ef7b7acb65d6acedd323b9e88f6a3a1dfe9a713a100537159904ce142f44c9baef129f3e4f7561d3b4073272040edb
-
SSDEEP
6144:IiJHCRZ3PyBRD/3X2ESLy/DA/uUhxR/XcyiRg+msiui6tQ+A:b8RVPED/3X2ExSuUfRvco+muisQx
Malware Config
Extracted
formbook
4.1
lt0h
originalindigofurniture.co.uk
fl6588.com
acecademy.com
yaerofinerindalnalising.com
mendilovic.online
rishenght.com
famlees.com
myhomeofficemarket.com
bouquetarabia.com
chrisbani.com
freebandslegally.com
hernandezinsurancegroup.net
slicedandfresh.com
apnathikanas.com
chadhatesyou.com
ansilsas.com
in3development.com
nitiren.net
peespn.com
valengz.com
Targets
-
-
Target
bothb4762.exe
-
Size
291KB
-
MD5
e40716ec136991058a86358953c71a27
-
SHA1
08401ceead3c6cbd5e4d187b29b6fdf9725cf63d
-
SHA256
f1e8731c7e1849989749c9ff23497e310025a9536fea8d25ccab050db2fffe33
-
SHA512
a6cd0a9194da99a1dedbc1d99b0bd600a055aa1b9478a1d7831ab88e64dd0216b11eef0d24c128bcd77d0e68273fb961f1ff8ff230056379ca48108a64d25b11
-
SSDEEP
6144:MfAn+VymyRH+jffLf+4J+8IiTA7PmgtZrZ+XWlu:MfAOBYejffLRw8IjjrYGE
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-