General

  • Target

    JaffaCakes118_1c3220824e17fa275784c1839823e1ad

  • Size

    672KB

  • Sample

    250704-p3e4kafp7w

  • MD5

    1c3220824e17fa275784c1839823e1ad

  • SHA1

    0dceac5a47b45e6907175895f01b3bc63209e5c9

  • SHA256

    209c5487fe6b505359d61e4c19ef2c85c4826aeea2c9700b4670190c653abbeb

  • SHA512

    4029cefb34a2624cc438ad9323a28077115ff018bcc5a40793030f3c2cfd5508c499c2037f5262e0e62f8a614d8c37cdfdd8b3b66d87aeb1355174ef0333add5

  • SSDEEP

    12288:k3+/K5LS77gb905+Iu71neklB2m+ScdKgyqlR4J0AunXN:k3+gxwMe0BtSYOR47c

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

fr

Decoy


Targets

    • Formbook

      Formbook is an information-stealing malware family.

    • Formbook family

    • Formbook payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks