General
-
Target
a4a7f929c06bd4078c69a7dad2e126ca_JaffaCakes118
-
Size
444KB
-
Sample
240613-kg44caverq
-
MD5
a4a7f929c06bd4078c69a7dad2e126ca
-
SHA1
1fb11adfc3dda19bbad1f96b9afe35dd187c06fa
-
SHA256
9feb83ef41e9933adb8cbd4b2f60dfc952cb75717c18c591726c5d68f3ef5cb8
-
SHA512
8323e956d33454f35fa28aa2dba137b59bed1c4236b75483e0b6cd534343ed41a88b9d438fd29aca0bf323e94d26309ff62efe5a5e0a01289dbc82c52bcfbc88
-
SSDEEP
6144:JYx/VGfxaMFJdVhJNyu1Jn/jEHRUz5ZiuJEgN5s6v9osqrgTxXv0dQDV0XmuUjPq:JKOJ1KuDZz5ZlLN28LogTxwQuXmuUW
Malware Config
Extracted
formbook
4.1
4kx
tenghuab2b.com
docperkins.com
xn--8qvz5k.com
wahgig.com
lesfantomesdelopera.com
ableaccessdesign.com
fraubergtour.com
conjoo.com
colemix.com
ijmpennsylvania.com
viagraboysdownload.com
primaryancientgreeks.com
mavericktourist.com
cezhav.com
zapjevajlive.info
yvpol.com
moonoka.com
pengodam.com
prubobhatton.net
exanyu.info
Targets
-
-
Target
a4a7f929c06bd4078c69a7dad2e126ca_JaffaCakes118
-
Size
444KB
-
MD5
a4a7f929c06bd4078c69a7dad2e126ca
-
SHA1
1fb11adfc3dda19bbad1f96b9afe35dd187c06fa
-
SHA256
9feb83ef41e9933adb8cbd4b2f60dfc952cb75717c18c591726c5d68f3ef5cb8
-
SHA512
8323e956d33454f35fa28aa2dba137b59bed1c4236b75483e0b6cd534343ed41a88b9d438fd29aca0bf323e94d26309ff62efe5a5e0a01289dbc82c52bcfbc88
-
SSDEEP
6144:JYx/VGfxaMFJdVhJNyu1Jn/jEHRUz5ZiuJEgN5s6v9osqrgTxXv0dQDV0XmuUjPq:JKOJ1KuDZz5ZlLN28LogTxwQuXmuUW
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload
-
Suspicious use of SetThreadContext
-