General
-
Target
a4a7f929c06bd4078c69a7dad2e126ca_JaffaCakes118
-
Size
444KB
-
Sample
240613-kg44caverq
-
MD5
a4a7f929c06bd4078c69a7dad2e126ca
-
SHA1
1fb11adfc3dda19bbad1f96b9afe35dd187c06fa
-
SHA256
9feb83ef41e9933adb8cbd4b2f60dfc952cb75717c18c591726c5d68f3ef5cb8
-
SHA512
8323e956d33454f35fa28aa2dba137b59bed1c4236b75483e0b6cd534343ed41a88b9d438fd29aca0bf323e94d26309ff62efe5a5e0a01289dbc82c52bcfbc88
-
SSDEEP
6144:JYx/VGfxaMFJdVhJNyu1Jn/jEHRUz5ZiuJEgN5s6v9osqrgTxXv0dQDV0XmuUjPq:JKOJ1KuDZz5ZlLN28LogTxwQuXmuUW
Static task
static1
Behavioral task
behavioral1
Sample
a4a7f929c06bd4078c69a7dad2e126ca_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
formbook
4.1
4kx
tenghuab2b.com
docperkins.com
xn--8qvz5k.com
wahgig.com
lesfantomesdelopera.com
ableaccessdesign.com
fraubergtour.com
conjoo.com
colemix.com
ijmpennsylvania.com
viagraboysdownload.com
primaryancientgreeks.com
mavericktourist.com
cezhav.com
zapjevajlive.info
yvpol.com
moonoka.com
pengodam.com
prubobhatton.net
exanyu.info
innersoulscapes.com
twickenhamtandoori.com
ionmu.com
lifeshow.ltd
bloom-events.com
barnette.company
wilsoncap.net
conservativeupdate24.com
iceprogams.com
jijcm1.info
mytraderhub.com
incomingchat.com
rsbdn.com
swty88222.com
zsdekai.com
thewholebrainmethod.com
jerrdins.com
jxscf.com
zhinengketang.com
hoachatxulynuocnhiemphen.com
stakeonit.com
xinjia68.com
themodreport.com
comoquitarelacnehoy.com
realatelier.com
hippiechicktwang.love
houcmusic.com
myoilyconcoctions.com
micahnaziri.net
nih-valid.com
lumerka.com
linxcardinc.net
maleahswimwear.com
iloserthat.com
khwamrak.com
quempecarvaimorrer.com
sumitomocorps.com
halcyonsurf.net
eqfro.com
0854zxw.com
17ynly.com
shijiezhihui.com
edbettinelli.net
acleandeath.com
nacemo.com
Targets
-
-
Target
a4a7f929c06bd4078c69a7dad2e126ca_JaffaCakes118
-
Size
444KB
-
MD5
a4a7f929c06bd4078c69a7dad2e126ca
-
SHA1
1fb11adfc3dda19bbad1f96b9afe35dd187c06fa
-
SHA256
9feb83ef41e9933adb8cbd4b2f60dfc952cb75717c18c591726c5d68f3ef5cb8
-
SHA512
8323e956d33454f35fa28aa2dba137b59bed1c4236b75483e0b6cd534343ed41a88b9d438fd29aca0bf323e94d26309ff62efe5a5e0a01289dbc82c52bcfbc88
-
SSDEEP
6144:JYx/VGfxaMFJdVhJNyu1Jn/jEHRUz5ZiuJEgN5s6v9osqrgTxXv0dQDV0XmuUjPq:JKOJ1KuDZz5ZlLN28LogTxwQuXmuUW
-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Formbook payload
-
Suspicious use of SetThreadContext
-