General
-
Target
JaffaCakes118_08522edec76d7f0b00ae43564ccd77729cb5e07f0e8111f76f3cdf5496fe35f8
-
Size
133KB
-
Sample
241226-2rls7atmhx
-
MD5
22650b54d608df14b7311bd474a9fbbd
-
SHA1
d47f71df62e5201921937ce2d6aed23a713779d9
-
SHA256
08522edec76d7f0b00ae43564ccd77729cb5e07f0e8111f76f3cdf5496fe35f8
-
SHA512
ec0dd4350442b116d80b9cd492d1c3b7a3409defb3e17b84c151880b0df92868cc3bf826bbc7a668d62543414c8beb078907dd80ce757228a290ad98ab8d2a8c
-
SSDEEP
3072:szP7bNJ0iWZkanibClIxm/Y7bYnOnjh8XbzeO:sDrwkiCHxm/Y7COnjh8X/eO
Malware Config
Extracted
formbook
4.1
ga4
rivercitygoldens.com
seattlebarkery.com
jxsxdb.com
bet365o1.com
mynexthomedfw.com
scheduleyourintentions.com
vestingfacts.com
angelicasanchezpsicologa.com
constructorariedel.com
myabron.com
askthepotato.com
cuscases.com
dlrioata.com
ilikecircles.com
teamsters401kupsplan.com
79dzb.com
simoneventpros.com
cloversonglyrics.com
intansuper.com
gamefacesydney.com
Targets
-
-
Target
formbook.bin
-
Size
181KB
-
MD5
93918c623317234901e5846540f3a43d
-
SHA1
a5b49aea492de5430b09fa6c1e07a43a28c92b9d
-
SHA256
8b23c3ddd235c8708c47bf3eec883a6f8ec12656680648400cb4733d9a14e762
-
SHA512
c85af20af3aaabc9dd0e7da5b6dabb923d02c29360b8edd9ce31199311b9723f59a5ba13cf344f5891f4a691f6759954de11c12c5005cc80a9eb87567c274153
-
SSDEEP
3072:TDhzK7wjZWfpsOjxl47KVrK6IUxg2ELN/pP8tGzb4JHg:fhEwYNxy7erK6IUhCt2kzb4JH
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-