General
- Target: abd70ec006fec754f2776d7b847c8a6e_JaffaCakes118
- Size: 388KB
- Sample: 240614-2qrytayhpa
- MD5: abd70ec006fec754f2776d7b847c8a6e
- SHA1: ec54aab238e3caddede09c41bad1d0a6aa29477c
- SHA256: 930ef88b7c7cfeaaa14f83875ae550193ed4067b6d118833f94cd2e14c5e47e2
- SHA512: 18d2629b921ca2be364a5ed8aecb16281431bdbde21d6c762a85709afb8471267eb66b41aca75480fc76636aa7b1933c092f7eb4ce5f7c49045b6ed9ef8b58f2
- SSDEEP: 6144:uMTP1YPuOZt036C5+GcMxWxSQvkYmlJ5KdsMH3soCzaauK2O0z/Pks:uUmWOZt0fcM8xT0l/+KzdH2OSk
Static task: static1
Behavioral task: behavioral1
- Sample: abd70ec006fec754f2776d7b847c8a6e_JaffaCakes118.exe
- Resource: win7-20240508-en
Malware Config
Extracted
formbook
3.9
ma
Targets
- Target: abd70ec006fec754f2776d7b847c8a6e_JaffaCakes118
- Formbook payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext