General

  • Target

    JaffaCakes118_000fbb9379bdda21b13785e8c7ec32db8ecf29ad381b5da61105c0ba52f422bc

  • Size

    374KB

  • Sample

    241229-rg3nvatkbl

  • MD5

    9ea121bea5e041228a823db0ed28d645

  • SHA1

    4932e5f9ed66d7c791fe509c167c7e083ddcd4fa

  • SHA256

    000fbb9379bdda21b13785e8c7ec32db8ecf29ad381b5da61105c0ba52f422bc

  • SHA512

    6df3b40967ce41047c6ee7b4ad8b2bb561c01d19e7e80747bd063e0e67ae22d445fafbe864544f9f24c080e1f7ce35201de98e2c9b108ef0de9cba0db11077d7

  • SSDEEP

    6144:NM5cv4g7wA/0VHTSbzmrnYVloLJZaewqsc5tSJkbyDVj1gp6Mhp0peGMnynskmpu:N+g4gMAcVHTC2YclZ1IJk6KpgYAmYcYn

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

zymg

Decoy

1656heidorn.info

hnsymedical.com

annetteworkstars.com

nepgdivv.icu

shiboguangong.com

ribbondev.com

thegadgetheaven.com

aggtekstil.com

smoprogramme.com

gapmcs.com

alqaedestate.xyz

scottbruce.info

abilitytoachieve.online

cristamacd.com

itekapp.com

djretro.site

radiodigitalgroup.com

realestatelawyersacramento.com

retirocard.com

packshotanimation.com
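The hashes and the domain list above are the indicators most analysts will lift from this report, so here is a small matcher that uses them, as an added example rather than anything the sandbox produced. The hashes and domains are copied from the page; the sample labels, the key=value log format and the log lines themselves are constructed. One caveat built into the code: Formbook configurations carry a list of domains in which most entries are decoys and only one is the live C2 (this report labels the whole list "Decoy"), so a DNS hit against the list is treated as low-confidence corroboration, while a hash match is treated as a high-confidence identification.

```python
"""IOC matcher for the indicators listed in this report.

Added example (not sandbox output). Hashes and domains are copied from the
page; labels, the log format and the log lines are constructed.
"""
import hashlib

# MD5, SHA-1 and SHA-256 from the General and Targets sections, keyed by
# labels of my choosing.
KNOWN_SAMPLES = {
    "submitted file (374KB)": (
        "9ea121bea5e041228a823db0ed28d645",
        "4932e5f9ed66d7c791fe509c167c7e083ddcd4fa",
        "000fbb9379bdda21b13785e8c7ec32db8ecf29ad381b5da61105c0ba52f422bc",
    ),
    "Formbook payload (409KB)": (
        "2117808b6a0ded968c7f8f05c44e928a",
        "d165b25231a02318f183544701ff88663cf33810",
        "607995b16cd6300fde94e5613d5c708331f0e7b2b91ea6210a0f6b3a5cbdf64f",
    ),
}
HASH_INDEX = {h: label for label, hashes in KNOWN_SAMPLES.items() for h in hashes}

# The extracted config's domain list. Formbook configs mix decoys with the
# live C2, so a hit here is corroborating evidence, not proof of infection.
CONFIG_DOMAINS = {
    "1656heidorn.info", "hnsymedical.com", "annetteworkstars.com",
    "nepgdivv.icu", "shiboguangong.com", "ribbondev.com",
    "thegadgetheaven.com", "aggtekstil.com", "smoprogramme.com",
    "gapmcs.com", "alqaedestate.xyz", "scottbruce.info",
    "abilitytoachieve.online", "cristamacd.com", "itekapp.com",
    "djretro.site", "radiodigitalgroup.com",
    "realestatelawyersacramento.com", "retirocard.com",
    "packshotanimation.com",
}


def match_hash(digest):
    """Return the sample label for an MD5/SHA-1/SHA-256 hex digest, else None."""
    return HASH_INDEX.get(digest.strip().lower())


def identify(data):
    """Hash file bytes with all three algorithms and look each result up."""
    for algo in ("md5", "sha1", "sha256"):
        label = match_hash(hashlib.new(algo, data).hexdigest())
        if label:
            return label
    return None


def match_domain(host):
    """Match a queried name exactly or as a subdomain of a config domain.

    Returns the config domain that matched, or None. Case and a trailing dot
    are normalised; a bare TLD can never match.
    """
    labels = host.strip().lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in CONFIG_DOMAINS:
            return candidate
    return None


# Constructed telemetry in a simple key=value form (not real log data).
SAMPLE_LOG = [
    "t=2024-12-29T16:01:02Z host=WS01 event=file_write "
    "sha256=000FBB9379BDDA21B13785E8C7EC32DB8ECF29AD381B5DA61105C0BA52F422BC",
    "t=2024-12-29T16:01:05Z host=WS01 event=dns_query qname=www.hnsymedical.com.",
    "t=2024-12-29T16:01:06Z host=WS01 event=dns_query qname=updates.example.com",
    "t=2024-12-29T16:01:07Z host=WS02 event=file_write "
    "md5=d41d8cd98f00b204e9800998ecf8427e",
]


def scan_log(lines):
    """Return (confidence, host, detail) tuples for lines that hit an IOC."""
    hits = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        for key in ("md5", "sha1", "sha256"):
            label = match_hash(fields.get(key, ""))
            if label:
                hits.append(("high", fields.get("host"), f"{key} matches {label}"))
        domain = match_domain(fields.get("qname", ""))
        if domain:
            hits.append(("low", fields.get("host"),
                         f"DNS query {fields['qname']} under config domain "
                         f"{domain} (may be a decoy)"))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(*hit)
```

Run it against a real DNS or EDR export by replacing SAMPLE_LOG with your own lines in the same key=value shape; to check a file on disk against the report, pass its bytes to identify().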

Targets

    • Target

      607995b16cd6300fde94e5613d5c708331f0e7b2b91ea6210a0f6b3a5cbdf64f

    • Size

      409KB

    • MD5

      2117808b6a0ded968c7f8f05c44e928a

    • SHA1

      d165b25231a02318f183544701ff88663cf33810

    • SHA256

      607995b16cd6300fde94e5613d5c708331f0e7b2b91ea6210a0f6b3a5cbdf64f

    • SHA512

      0b5ecb350af8c014e3663604880c86c232cf20e980f59dec8a47e68b6ccbae41ec519723e525f0f8defdd3b37604675b6086f17f7a44c83eeb7e11ea0a7ac88a

    • SSDEEP

      12288:40l2MJpjoRafuVY6t9Mawdbi/vI+mvJ2:4utoRzyKVwyvbmR

    • Formbook

      Formbook is an information-stealing malware family: it harvests credentials and form data from browsers, mail clients and other applications, logs keystrokes, and can fetch and run further payloads on instruction from its C2.

    • Formbook family

    • Formbook payload

    • Checks computer location settings

      Reads the country code configured in the registry, most likely a geofence that lets the sample avoid running on machines in certain countries.

    • Adds Run key to start application

      Writes a value under a ...\CurrentVersion\Run key so the sample is relaunched at each logon (registry run-key persistence).

    • Command and Scripting Interpreter: PowerShell

      Executes commands through powershell.exe.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state; outside debuggers it is usually seen when code has been written into another (often suspended) process and that process's thread is redirected to it, i.e. process injection or hollowing.
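The two host-side behaviours above that leave ordinary endpoint telemetry, the Run key write and the powershell.exe launch, can be caught with a couple of rules over Sysmon-style events. The block below is an added example, not part of the sandbox report: the events are constructed dicts shaped like Sysmon Event ID 13 (RegistryEvent, value set) and Event ID 1 (process create), with Sysmon's field names but invented paths, SIDs and command lines. The SetThreadContext indicator is deliberately left out because it is an API-level observation that Sysmon does not record; detecting it needs an EDR with user-mode API hooks or the sandbox itself.

```python
"""Rules for the persistence and execution behaviours flagged in the report.

Added example, not sandbox output. Events are constructed dicts in the shape
of Sysmon Event ID 13 (registry value set) and Event ID 1 (process create);
field names are Sysmon's, the values are invented.
"""
import re
from pathlib import PureWindowsPath

# Autostart values under ...\CurrentVersion\Run or \RunOnce (HKCU or HKLM;
# Sysmon renders HKCU as HKU\<SID>).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE)
# Directories any user can write to; a Run value pointing here is more
# suspect than one pointing into Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)


def run_key_persistence(event):
    """Return a finding when a Run/RunOnce value is set, else None."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    details = event.get("Details", "")  # REG_SZ data, i.e. the launched path
    severity = "high" if USER_WRITABLE_RE.search(details) else "medium"
    return {"rule": "run_key_persistence", "severity": severity,
            "image": event.get("Image"), "target": target, "details": details}


def powershell_launch(event):
    """Return a finding when powershell.exe starts; severity depends on parent."""
    if event.get("EventID") != 1:
        return None
    image = PureWindowsPath(event.get("Image", "")).name.lower()
    if image != "powershell.exe":
        return None
    parent = PureWindowsPath(event.get("ParentImage", "")).name.lower()
    # Interactive parents are normal; anything else (here, the sample) is not.
    severity = "low" if parent in {"explorer.exe", "cmd.exe"} else "high"
    return {"rule": "powershell_launch", "severity": severity,
            "parent": parent, "command": event.get("CommandLine", "")}


RULES = (run_key_persistence, powershell_launch)


def triage(events):
    """Apply every rule to every event and collect the findings in order."""
    findings = []
    for event in events:
        for rule in RULES:
            finding = rule(event)
            if finding:
                findings.append(finding)
    return findings


# Constructed events (not from the sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\Updater\updater.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\app.exe",
     "TargetObject": r"HKLM\SOFTWARE\Vendor\App\LastRun", "Details": "1"},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "CommandLine": "powershell.exe -NoProfile -Command Start-Sleep 5"},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["severity"], finding["rule"], finding)
```

The parent-process heuristic is intentionally simple; in a real deployment you would also whitelist known management agents that legitimately spawn PowerShell, and the Run-key rule would be joined to the Event ID 11 file-create for the path named in Details.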

MITRE ATT&CK Enterprise v15

Tasks