General

  • Target

    JaffaCakes118_7db35f373ff7a17469cf0e111a7ca2bc76bb172afe87d69e7ccfae173e7f6701

  • Size

    764KB

  • Sample

    241222-xcr97swlbr

  • MD5

    94fb3c23dc1b3e626e2422ec0c72fffa

  • SHA1

    fe1ae95bcad3d64c953debf5f577f8706d96ce6d

  • SHA256

    7db35f373ff7a17469cf0e111a7ca2bc76bb172afe87d69e7ccfae173e7f6701

  • SHA512

    2ffb84288834599e6eaf5b2019391220ea5aea00cc06053c0277094657c63d9d122be08b52b6f5e3f3f43e401348905aa560a3071ba29ee60dd98a28a1be3aba

  • SSDEEP

    12288:Squ4acuJI8ew9N3diIwVzt8PvQqvfdcENLCrT8+90KP9hKhAO7dUBH/472nnqgt9:Ssa6Pwn3diIwVzt8FdPCf8g0KJGdQu2l

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de19

Decoy


Targets

    • Target

      Copia de transferencia bancaria.exe

    • Size

      971KB

    • MD5

      8ee464229bdaac78e1354a7ff334af85

    • SHA1

      a566511090198f92b82e07c1675b256f6c91e923

    • SHA256

      8095979c4153bbcced38a6ee12589fbb67f356535a91cf22e26413ee3f1c4e34

    • SHA512

      836274df2b83188718400c22b71becbf445d2f128cdfbc342cb62cb3655cc70441a638705911c449f500748e7be13082a11ac4d261a03e9c805cdf10e3e1ab87

    • SSDEEP

      12288:Ntcg0r9tDZddpnLnv2hVSKRytHxnrceHMcrIaPy1FTAUI4kSxv1/:Nt893hSh0K0pxVIaPy1FW41

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook family

    • Formbook payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks