General
-
Target
JaffaCakes118_140c67ee8edcfc2c04ea4312e95f80e0
-
Size
252KB
-
Sample
241231-magqkswjcx
-
MD5
140c67ee8edcfc2c04ea4312e95f80e0
-
SHA1
6bed70dbf578dbb8befc44987ad8b5784a5dafb0
-
SHA256
299dd5c3192a96d29e2eacb650c5235a4aadc3e7ec921e89940fb77519700d66
-
SHA512
0b2c4a2cc7acce08738e30dd4616f4a32fc187042ffb0c9b8412dad56ee702fedc22581149d8eab6cf3e1da9953f698ca8053757a1daebeedd0087b596c27479
-
SSDEEP
6144:3lBfxXRVUCFo7xHJ7SmvHRVz4JmDlbiwv:33VUCFotHJ7SwnzHpl
Malware Config
Extracted
formbook
3.6
pe
ilikeshoping.com
websitetestingservices.com
tantradesoie.com
narcissistory.com
fapgame.net
iryrv.info
contextre.com
mosala24.com
alienpokeragent.com
lqjwq.com
musica.solar
tipsatransporte.com
kawanparjo.com
onsideadvisers.com
rpwfj.com
9ldhh.info
dancewithsalsadivina.com
resurfjeans.online
smoke-cicle.com
battery365.net
Targets
-
-
Target
JaffaCakes118_140c67ee8edcfc2c04ea4312e95f80e0
-
Size
252KB
-
MD5
140c67ee8edcfc2c04ea4312e95f80e0
-
SHA1
6bed70dbf578dbb8befc44987ad8b5784a5dafb0
-
SHA256
299dd5c3192a96d29e2eacb650c5235a4aadc3e7ec921e89940fb77519700d66
-
SHA512
0b2c4a2cc7acce08738e30dd4616f4a32fc187042ffb0c9b8412dad56ee702fedc22581149d8eab6cf3e1da9953f698ca8053757a1daebeedd0087b596c27479
-
SSDEEP
6144:3lBfxXRVUCFo7xHJ7SmvHRVz4JmDlbiwv:33VUCFotHJ7SwnzHpl
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook family
-
Formbook payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-