General
-
Target
JaffaCakes118_f1a2844073e4ab6c17f8977c8a114de63767c3e3c8ae2595d0efbcdfe8133859
-
Size
615KB
-
Sample
241229-b6p62sykhw
-
MD5
f4a12ac3de7a219ab27058bd1efa21e1
-
SHA1
2d0755d94239877dd4a08ba7f3c4a88a7dd8a132
-
SHA256
f1a2844073e4ab6c17f8977c8a114de63767c3e3c8ae2595d0efbcdfe8133859
-
SHA512
da894540a7fb386d196e4c7b0432b4e5da4086fdb592939b7d410830d87f99f5446bc2281cc2b92fbfb341c120f86e6075529c095055d06abea9eb73869fee49
-
SSDEEP
12288:8OwsNe8M8BfZ8EjfuFnIPV7TVIbHW4MxmZNAC/MuC0u73dO5I8WE7O1kd:msNK81yEjfxTIbpsuY73Y5I8WE7Zd
Malware Config
Extracted
formbook
4.1
ja25
walkinet.com
shuifengshi.com
slowbarcelona.com
memc-gvo.com
bloquo.com
aurelashesbeauty.com
makepassiveway.com
kguvpkh.icu
benny.industries
t04mo9.com
getafurnace.com
earthadventurers.today
partsgt.com
kg0sxa1.icu
p7lzww8m.space
sarkariyojanayain.com
asp7ex4.icu
kg6u7ik.icu
h2butterfly.com
herdesirablepleasures.com
Targets
-
-
Target
74a098344fb282c483eaae1b536e90a6cbd78cbb8a7c4857bac3d65e05e70c75
-
Size
775KB
-
MD5
3d2aa96e0c0fc96e532f8de3aab5b129
-
SHA1
c796b358eef688f21e84a8664356fc6120158d78
-
SHA256
74a098344fb282c483eaae1b536e90a6cbd78cbb8a7c4857bac3d65e05e70c75
-
SHA512
de2b4f5e16773db49261b05d9f369b054a5ed6e654b2be5aa35c279b10d34ef9d0ab5e0fa0207ee11e8597f61f14b1355f7f3ec2f246b86119a6658fc87785da
-
SSDEEP
12288:/D1XDTyUGFpTwCDfwR7N1ljwV17dZixJBFqDk1ILuFatDGpYlmVqX9lxAzx:5vtaTweoR7N3M77M5GLH3l9lxE
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Suspicious use of SetThreadContext
-