General

  • Target

    JaffaCakes118_fe2615c81a8d52eceace768bf2a84219cca0b13b03db2f0eca272216eceb2e11

  • Size

    347KB

  • Sample

    241230-wtsrmavnat

  • MD5

    7af72059cf752efa17a85ec7de1c6a12

  • SHA1

    f15acb7fcc73816b64c51b3926e9b0613a301aa0

  • SHA256

    fe2615c81a8d52eceace768bf2a84219cca0b13b03db2f0eca272216eceb2e11

  • SHA512

    5fee60a332ab1d847d77d7a44f71bd63093d78b2d8eea84b3454d586a1657c247ee037706fe7e6192810fd9a074bd61951e142e0505e1c1bb00ec1ff52042d9d

  • SSDEEP

    6144:NO0OYFPdhrTyuE6AJ97fnq+WwxMus0c0wyjEfcZacMqhrMwaRl7QvibfimHQN8Xz:g9Y9dhrTyAAJIWxpcbyjdZacMqhrMwy3

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rzt

Decoy

travelbykeystone.com

gardenstoresupply.com

tobelias.com

thecosmicdna.com

lmshawaii.com

icorn.finance

afontoto.com

usbracesbest.com

unity-title.com

kindredanimal.com

milestonecms.com

aljazeerahlounge.com

jokcreates.com

justjazzythings.com

tiktokbestdeals.com

ww-marketing.com

humblehousekeep.com

alloreklama.com

cranecurrency.info

maraisman.com

Targets

    • Target

      2.vexe

    • Size

      431KB

    • MD5

      39f5517cde8252f68c878e5956071441

    • SHA1

      336464c016ef58f9e82075754f200dbe59b593e4

    • SHA256

      7cf9a8e9f9164be0f93bfb8810892a0dbaf5f7748105a8375afa3cc558f9d940

    • SHA512

      a9f6960f08dd58cdeb5323d8f5d7e12439de61b1f83877a916596a3acb72c6e2bfdf6865da623c9c7bec2996e02446d029ce7a53e2b35484be31468b477d97a4

    • SSDEEP

      6144:kmdYfNunWu1IA2UcaYYeAJ3NSMv4DKj1EulrsbCwOI/4WJUsJw3Gp0Xm2YcHYeQm:PDWuqUc5ohNSA4s+uGz/Li2WXm2Yo

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook family

    • Formbook payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks