General
-
Target
ab494f466a82dd77680845c90d3d374d_JaffaCakes118
-
Size
255KB
-
Sample
240614-y4fadsvand
-
MD5
ab494f466a82dd77680845c90d3d374d
-
SHA1
557fddb9db8aa0f6e72644d0e26e5886930e2310
-
SHA256
9fe305213e6584a14e5d687540d178a989acb5de8ea5815dab4c262a4f4955da
-
SHA512
9432d3ea685d2a822aac09a52f6898bb542a95736f296aed43e2a3c1ca074df1c11d08ad99a90698f4b19bc08f85764cc1e57187bcbe90ddcd02991fb59f7565
-
SSDEEP
6144:8fTuKv/3or5iS1CtvHUC6SQFUZGd3kP+ILbqx6:aTubtL14PrJQuwd3YRL2x6
Static task
static1
Behavioral task
behavioral1
Sample
ab494f466a82dd77680845c90d3d374d_JaffaCakes118.exe
Resource
win7-20231129-en
Malware Config
Extracted
formbook
3.8
wo
Targets
-
-
Target
ab494f466a82dd77680845c90d3d374d_JaffaCakes118
-
Formbook payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-