General
-
Target
JaffaCakes118_2b5f20bf3830cdd36406a5b805a1c21a2df77d7fe5b5f0a80a3f97e5dc9756df
-
Size
610KB
-
Sample
241227-cz4arszmax
-
MD5
fbdd06bbff98765d42af12b05ba1c3a4
-
SHA1
18ff7463f460b61ac44c271b917e06d7328d18b9
-
SHA256
2b5f20bf3830cdd36406a5b805a1c21a2df77d7fe5b5f0a80a3f97e5dc9756df
-
SHA512
40194bec2aabd24076915520f1245706529691a8531dd9c610038ebce2f769d224636b9763f1e27b4c0de6901699b1401ed41176182a02d09e87f68a05a596a0
-
SSDEEP
12288:EmKW63TJAEIWEJzM/K0gkyoCeRKzrWqaBZ2JjcdDUaOH7/ZJyriUA5:XKWUJEWEVM/ZgzyszrvfjIDyH7/ZJyrM
Malware Config
Extracted
formbook
4.1
sn03
bridgenorman.com
basketexpo.email
melayuxxx.site
teckhockng.com
artisanvillage.life
web3booster.xyz
avxoco.com
magicgene.xyz
jasondeng.space
beh2owxwsm4j.xyz
modabet608.com
biscottiplans.com
forestaquatics.com
remonte-moebel-planung.com
wycosau389.xyz
srsea.xyz
we-vegotwhatyouwant.com
jc3jw80xfifi.xyz
msdigitalwesite.digital
chairbornegsi.com
Targets
-
-
Target
IRQ2107798_pdf.exe
-
Size
680KB
-
MD5
82bd4c01ebb56d4e838dafea4ca369a6
-
SHA1
da828300ae92f1ff46256ee8083d1b11a5f1e352
-
SHA256
e0c7519f48b2a37fca3ee1407808121685915fb1243a1ba217ea1663f9119ffd
-
SHA512
cb9dac5456d02890952eb28efd4717520bd60c8a171dd34a1cae30dd6fa55e3afecc41e84de54fa5ec377b16866021d5eb4a33478c8498f77898fa306e2e06a4
-
SSDEEP
12288:6rXpUSlB61512158AahA4wk3/ZnxMTjDdiWA9izA4pBqXodAtOlazgTSFcDXQ:sXpUSlB6151215H4A58RnxMTXNqXoUPQ
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-