General
-
Target
JaffaCakes118_eeea861b682bed10d258c2287131d406994d8ee0aa3976fe613f69c9dffe2969
-
Size
666KB
-
Sample
241225-f2pf6syrbl
-
MD5
2815c54f4c64efa7e3dee5cd9ceb47f5
-
SHA1
89f6380eb1334e6c0e48977ee6b713ed7a6c36e9
-
SHA256
eeea861b682bed10d258c2287131d406994d8ee0aa3976fe613f69c9dffe2969
-
SHA512
d63f073906a15c1364c51dbcee3dbf14a24457e90a1cfafc5fcd5d88f7adf3b664e2264ca09960a306790b01deece5db80951bbc977d14705bdcdb15887fe7d4
-
SSDEEP
12288:ziCwMKcXCs7MD04nFT1Q8ixCIwAMunLc3C7Sn1lT2L5m3bV55lEkOi7xkz:zi/MDXJ7+NnpYwR+LErLT21m3v5lEnCI
Malware Config
Extracted
formbook
4.1
p0t9
marketplacewins.com
boymeetsmilf.com
ruhuplus.com
adultescortnft.com
app683.icu
viade.store
businesscardadvertiser.com
5649tk.com
daoguo456.com
digitalservice.pro
muabannothienuy.com
geneseeampwyoming.com
olliejay00.com
pristineintegrity.info
jimdeyux0kopgnhsldig.club
eadsscale.club
iwelim.space
s29x.club
brysonhajee.com
trainership.com
Targets
-
-
Target
98a0baed911fcca09a50dd4dc17f6f65edf26cc6d834681b1d2a270bfbf3f45c
-
Size
770KB
-
MD5
cf6c56346d93fc10443e9261c797746f
-
SHA1
1702b84ce180e96d166834cdbd83ed71a8f16aea
-
SHA256
98a0baed911fcca09a50dd4dc17f6f65edf26cc6d834681b1d2a270bfbf3f45c
-
SHA512
228f275ea0c886ae74ecea22eca47535998c4d69284348db110f699a368d971ad7a16f8aa3b1fdfea98866082d8bfdf8fe144bc4ebea26d32a42d062d6fe30dd
-
SSDEEP
12288:U5Vko2KEJCq7MD0WnFTXQ0ixKIQK+uBLcnC76n1lT2L5m3bVpHlEkOi5:7JJH7+FnVCQL+LW5LT21m37HlEnG
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-