General

  • Target

    JaffaCakes118_5fca809996d591928d049265b97cf7a05a96a24eacb8c8d1d7b20b4d36dd4dd9

  • Size

    981KB

  • Sample

    241230-x2z2cavlbr

  • MD5

    f8ee97d6ef9988decebc88cca60fd7c2

  • SHA1

    e3fc3eff2985d1829cc5645e0021f1e4080ed2de

  • SHA256

    5fca809996d591928d049265b97cf7a05a96a24eacb8c8d1d7b20b4d36dd4dd9

  • SHA512

    3a28300d96b38ec5392af4a2ea85bc28966f8efd7864a9349fcfc9ae887995d8a977b845737d96d50451cdf5974e3d50f55b987dc00069e64c4b31a48e4eecc0

  • SSDEEP

    24576:R+IgkRZch57HZIS4tZXtN7NVb3Cgd56Dhs66w6P8XQYRZWHXD:R+IgCZcfjJEBtoPW3mZW3D

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kz21

Decoy

affordableshopper.com

federalpensioneducation.com

nguyenphuc.xyz

tbryantnotarysvcs.com

satgerv.online

yis.xyz

sailing-dreams.online

saairconditioners.com

compassioncommunity.net

vickyrubs.com

uniqueprorental.com

xplus-main.xyz

beforetravelthai.com

mentaltrainer.net

bianko.xyz

postsandnews.com

stream-king.com

citizen.guide

lasuiterennes.com

elektroexpress24.com

Targets

    • Target

      PO 211208-0211A.exe

    • Size

      1.0MB

    • MD5

      4932a1d01ae69c90fa06963bfb368884

    • SHA1

      8ffbda9ba7d5d81ca7ca3714ef84f272181192cd

    • SHA256

      55d83cadb3eaa23b65912739a821a03a28186b5759528e1038a46c113db28614

    • SHA512

      22d5b1470939ff871eefd1be57837af61beb5a9e59a6b5b156fb8067de377430b4419d90f593a72d6faffb4c9d09adf8081623f97cd7af8f5fe1a27173e87cf3

    • SSDEEP

      24576:X3ddXRqVJYmmjuIgAUIMN3AkbNjegVn67zK86/hgI:7zuTge3z560mu8CeI

    • Formbook

      Formbook is a data-stealing malware.

    • Formbook family

    • Formbook payload

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks