General
Target: JaffaCakes118_38d13c92410cb9fd28141c1880272395d09ea2c173ed6de052f04f1c6722530d
Size: 561KB
Sample: 241223-yjdk3ayrek
MD5: d8c75dd1803d1b5ddcecf7f8f3424fce
SHA1: c25dc9877d70e3e0b5987897faeaddf10c3959b2
SHA256: 38d13c92410cb9fd28141c1880272395d09ea2c173ed6de052f04f1c6722530d
SHA512: cadc7aed2b31891ddd1c2be94b1cdc8c383e59a30bb57aa3fe26808a93ed193b828bfdd223dfab2ee541ee243f8b4998aebdc552277197200b0b265a5afa1f25
SSDEEP: 12288:ia/7Ij4y54RbvSLnqKEYXqYUcO7bceKfVjNT6QENyx9e/qJGS:F7IjwGnqlYXtO7dqRmQENyx9eSp
Static task: static1
Behavioral task: behavioral1
Sample: orden de compra.pdf.exe
Resource: win7-20240729-en
Malware Config
Extracted
formbook
4.1
d2g7
Targets
Target: orden de compra.pdf.exe
Size: 714KB
MD5: f8c2ed068b19751db85c91aeef0a3c40
SHA1: e3ebf312f0e7ef027246c2f6527cc8029b257d90
SHA256: 6ea29798071a1323ec1298b4d1f5aad63318d2c685637239b9d67768744c7978
SHA512: a5094444d4608b8bf51a765875209816645758bcd1003e65f7e3ae32c64a3f6d021973ef84976ee86cc3b0f1606c5d288502fc96dbbc517501b38cbdbf6471c8
SSDEEP: 12288:KTzDQZ8Lx05Kh4qpgZ0o4yPuasknvGPiGwc6auan4yicWApbMGlg6:vZ8NSK+qKAaxn4Twvan4yjrMG2
- Formbook family
- Formbook payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Suspicious use of SetThreadContext