General
-
Target
JaffaCakes118_a2e050c860a8e1cb1db99e4d572faf7733dfec1b3e78f923baba70328c984d42
-
Size
617KB
-
Sample
241223-sdjbgaspfw
-
MD5
a82900bdec0b1fb5743bc6a6313f7cdf
-
SHA1
b2c894d91fe09408b4707773785d031a88acd181
-
SHA256
a2e050c860a8e1cb1db99e4d572faf7733dfec1b3e78f923baba70328c984d42
-
SHA512
78c6e46aabaa9b71f219d2196aeafb2a88feec9f5c7f4d6430022deef9782540473155745aea9ad7d155eaaefc507481252f4d3dc4bf7ec250eb74d3fc16b2d2
-
SSDEEP
12288:miXvMjdb3BV+snIe29RBTEdG6gAwYN/VHX8XfxPiXUVV0lT4zJxZ:BEj13KsnF29botNMMXWVu4LZ
Malware Config
Extracted
formbook
4.1
p63n
personalrecargas-arg.com
headsetaccessories.xyz
sunriseboutique21.com
ubeafrika.com
shopnyoot.com
driverksa.info
ilikespeedracer.net
akdambakdam.com
bethe1responder.com
gfhd.online
n9bot.site
hstyz.com
buyresellerdomain.com
matoaciganjur.com
mainlineb.com
q385-yogen.net
squamation.top
thebeardedcrow.com
cannaverse.xyz
cracksoftpc.net
Targets
-
-
Target
6e294639b9e9dec345a4b9bdeb29bd5695ea2d84e0fa88633ece9e7e88ad2bb4
-
Size
837KB
-
MD5
ca25cc1a0351513cbb0bb70343b03862
-
SHA1
69bf7182f7cd72ca775be7736b843345efbbdc0e
-
SHA256
6e294639b9e9dec345a4b9bdeb29bd5695ea2d84e0fa88633ece9e7e88ad2bb4
-
SHA512
95d81f55e28b658cb8b6a53ab0d0601b49a2764fdb5e4f4a163fc88ba66538cc97ce11207b49c2f12b4ff9ecbbc3cca5d31f6b07c5113be80f21631cac7f57d0
-
SSDEEP
12288:WEoKggb2iNdvpc++HRBTEdG6gAGYN/lXXE5fRPcXUVtSlTOzYM2TgN/0s:zoKgK1XpSHbgbR04XWtUOmgi
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-