General
-
Target
JaffaCakes118_6259cdb287b7e4ccc0c94ba02ce90415c7c870848c7a85b77723dadcde980310
-
Size
508KB
-
Sample
241225-c77yxsvpbt
-
MD5
dbf8a21cf57eb3649815684aa26c3df6
-
SHA1
e8f067c1330b23eb13adb33cba9123915ccf2324
-
SHA256
6259cdb287b7e4ccc0c94ba02ce90415c7c870848c7a85b77723dadcde980310
-
SHA512
ba197fd316ff9c59263d626b156983da5e64ac5388766a830f2df088c6207fc7498090f4a6deba78cb82d3672d0dcfc3283babe1d14e592413cf3f2d80ae3ab5
-
SSDEEP
12288:4zLS8Slv/gtyZNhC/W6QFGt/kLn5EkIAaCHUdflzlilLjy:4ggETY/We/kz5XIAaay25y
Malware Config
Extracted
formbook
4.1
f1s1
dapps.estate
pgt9u.xyz
standoutmarion.com
wk6dr0w3wachi.xyz
graciebarralibertyhill.com
gruenzeug.biz
pannen.xyz
project-foresite.com
xtlvyou.com
magpie.asia
aomih.com
rockellar.com
indeecast.com
newbriswaberkah.com
rosecoolupholder.quest
agffeahqq.xyz
elboutika.online
thehubwub.com
8cycle.solutions
cubied.com
Targets
-
-
Target
c051df779b1823d423877e93d930056050b6b817948e3377405c8b8087566d0c
-
Size
750KB
-
MD5
5678d33c2d6c778d533ea9df8105572b
-
SHA1
2cf4b4b47ff854af37c7b930dfdb1a9b44e70d1e
-
SHA256
c051df779b1823d423877e93d930056050b6b817948e3377405c8b8087566d0c
-
SHA512
7981fd5cbc82995c3f12c55348bc0e73a94f9827a5f087ba8686c6016cc386151a158bb2423f42e61e9ad17b69b349ed9a31da3aa07eaeea03a65c4127e5fafc
-
SSDEEP
12288:/gDBdSpuu7l3MnVPxlbwtNH22qla5w/yXbxpVpami/yIyqS5mdeBFf:/gDBCuYliVPxVeH0MW/IbxpeuS2Ff
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-