General
- Target: a3553c3a25028d72c2e0b256c566fc62_JaffaCakes118
- Size: 881KB
- Sample: 240613-bplgjasemp
- MD5: a3553c3a25028d72c2e0b256c566fc62
- SHA1: 8396247cd7f45565ceea3e40bfec58081761d510
- SHA256: e9c75f9f951a7bcfbd1920d431ccc152b46e47af8b79e9040e95cb33402d017e
- SHA512: 2ac529bf6141b147eefe04db1065dc2d40ca8ee71d1210184e40e6cb3add1f6dad82e876ccde0c4034545341dc3d6b61ebb12e77353fd19d38821ea8ae3b78f6
- SSDEEP: 24576:f2O/GlVZNLsi1BOLQN0QeznLOCLs2lQlZP69e1:cZVWLSGznuri94
- Static task: static1
- Behavioral task: behavioral1
- Sample: a3553c3a25028d72c2e0b256c566fc62_JaffaCakes118.exe
- Resource: win7-20240508-en
Malware Config
Extracted
formbook
3.9
eb
Targets
- Target: a3553c3a25028d72c2e0b256c566fc62_JaffaCakes118 (881KB; hashes as listed under General)
- Formbook payload
- Adds policy Run key to start application
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext