General

  • Target: JaffaCakes118_e85583b8e6410011f3b3525a736a2ec319341e9de60c91f9715efedad0f93e73
  • Size: 609KB
  • Sample: 241229-n3ra6a1ldq
  • MD5: 8ffa08b9136fd26ec446a594bf75c584
  • SHA1: d9806bb060ce5b4ac49e679d661c1bc26423a112
  • SHA256: e85583b8e6410011f3b3525a736a2ec319341e9de60c91f9715efedad0f93e73
  • SHA512: 9d1c434af796ce1e1dbe72697ec4f0ba755508cb0fd744a7338aa1cdcf9b7d4bd385fa60ce803760d32a628cce8a2ab8dfd7cf20395adc453d09fe32afa055f5
  • SSDEEP: 12288:+qkeHLrkRWEZUxOFhryazYPwKaR7TP7tEqxmwU2dV:+qTMUMhryaYohRnjtBxtD

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: odse
  • Decoy


Targets

    • Target: New Order.exe
    • Size: 952KB
    • MD5: 4d09db613404aab1e08286b92cb94cc0
    • SHA1: 1a5a37536041c0e3e9bf77cb2fe5e489452f59fa
    • SHA256: 9ad55b6338e0f2a6d564db4ee5d05b275c07e09a02421e9a928f38e8fd16eda4
    • SHA512: c36e3b235711466bba189f80e4efef48b5d14a4150c5c18b437a9791392f65265b6e43990b0d38455855c7b06f0bede72a0e69b25245ee079b20fcb48bd42dc1
    • SSDEEP: 24576:Lz9I1d/PAdDyV28FoTvqXdO3dx3cpmcF:P9IsDyVheTCSd+pmk

    • Formbook

      Formbook is a data-stealing malware family.

    • Formbook family

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks