General
-
Target
JaffaCakes118_75add202d0520f348bc4a422dd1969c9a3fe0e6162379618520f6aec3930321f
-
Size
671KB
-
Sample
241225-sjn4xawmaw
-
MD5
69035e66845d7330f902360b85f2ee84
-
SHA1
2de9e232d12cb1a48972472b3b25fe0fc5e84806
-
SHA256
75add202d0520f348bc4a422dd1969c9a3fe0e6162379618520f6aec3930321f
-
SHA512
98c90fe4438f5d151c6c4b87eb3c61bf35bc2c2e15fb838f5c2d72b9295e1638f5285f2670671f26ad77bb09a02662d7e9945e3fbfa387674c91e57782aabd1a
-
SSDEEP
12288:+tKTaJjjFVdnyWjTJuK6KJY0dBMV0g9KkGFl+y+Si6xA5pEcb:OPjZN51BMV79KkGaKi6xATEg
Malware Config
Extracted
formbook
4.1
m21d
ffewv.com
romarg.investments
icoproject.net
syrexol24.xyz
tyxa0.xyz
worktime.website
oilysquat.sbs
hainihaoxx.top
apimarts.com
agorainvestmentscc.com
happyhorsegear.com
373145.uk
3commerce.net
2561havensdr.info
thesolosearcher.com
gwo888.com
luxefofriend.site
ascendarrays.com
diorbear.com
newsforthecolumbiagorge.net
Targets
-
-
Target
898119779925cbf127343563ada43028f69dcc47b1a50a8ca5a8b1e5a48455ca
-
Size
1.0MB
-
MD5
ac2855184f7d04050f0eda9b69ab3e44
-
SHA1
073c2d08b6e2816dce26c0684faaf632193dab7c
-
SHA256
898119779925cbf127343563ada43028f69dcc47b1a50a8ca5a8b1e5a48455ca
-
SHA512
f2142500b6e1966d739373c0abd5734eb4df749be8f3b12cd90f32631602c78e803a7b19995c8ea0156f9979ae60bde42a96d61c3ee0b515c931e26a5271f54e
-
SSDEEP
12288:/WHMZAWd1lcAWd1lGGDbTKTxnnaAym1pj+INy/FYJR/A/259nqgxiaUc8+bCfeKs:AIFqF81bpc/6Yu5WwqQ
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-