General

  • Target

    JaffaCakes118_008eee66fc8358a7cda63d1e33042f3306e853e85864083cb600257a60bd615f

  • Size

    1.1MB

  • Sample

    241225-a319gasldy

  • MD5

    a74738e3f4004db9775180862d5740ae

  • SHA1

    704fb8a290fb546cbe9bafc9ea0cd3e0f65675c5

  • SHA256

    008eee66fc8358a7cda63d1e33042f3306e853e85864083cb600257a60bd615f

  • SHA512

    2c32c5bce800dcb71f39688c87d083f2b417d95c82d208e96e3a4451b2ef60489493cf7892a17c24e3ee2de10cfca9d3774f9356abb5f5b81a8ba44d56ecab6b

  • SSDEEP

    24576:JMhOIl9kkc2fOVeTk0L/WRtNe5uFp2HBjugcIttc3GuQ5:8OMkd2fsw5C8E2HBRPtIGuQ5

Malware Config

Extracted

Family

formbook

Campaign

ubpr

Decoy

ptpVli2do9q89N0=

+CSLnNslIIErRTE3deUw4HXnuqwqG4+WpQ==

5IBw+rDmyajH6J9b0Gc0

ITivu/UzzGQKCQ==

qNw+VJ7Ni+WT3pA2e/8=

6VzmXNT+607aCN1UmHCt1CjO

a+xfszZjSqdZhCfX5fXnJkJFIsuN8Ns=

DLyp4MD0xUCL6olI

kysKo0J45suL6olI

oE/eN+zqkP2lyG6YYSalUA==

Rko77gUFcKTQFA==

cW14AsnTkUOf0N6ODWjpj7S6nRI=

M9yx/sTJbmx2vzUeWQ==

SQJdWnStlfaz6J0M04r3MN8=

FLhBiiYfyjfZFOdgHU1SfmVhAGgV

nKgaME1YHRs+cHTkn4oI3ibO

vuZIRIyKMaBGiUl9iaiZxNc=

UPnZdBQV1nzxKB1N

iARlleEZxTSL6olI

w5hz+KfftpWkwox0yH7vo0GrwW7RjWVk

Targets

    • Target

      a52d0bc31a250c5dd5c84c75fca9b965955297d20f582d79849c17fb59c4c04f

    • Size

      1.2MB

    • MD5

      8f6f8bc43de5fbdddedb774a22e3dca1

    • SHA1

      3f48029084649e39963710b0ae114b4663d48e68

    • SHA256

      a52d0bc31a250c5dd5c84c75fca9b965955297d20f582d79849c17fb59c4c04f

    • SHA512

      ff48e557c37a8ebda2d9504727681dca35353003e87369e5462fb20a1c4746fb998200130b23518288a2bf7c4af06e8853937251af7b2c17e94a46d39b991797

    • SSDEEP

      24576:7AOcZX4ctcwhwheT60L/2NgeSMj5HHeg/cbGOSMIEn:dPwhUwvfe/5HdYGOSMV

    • Formbook

      Formbook is data-stealing malware.

    • Formbook family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
