General
Target: b5f4ecf1a13b7ef894523c990b963a84_JaffaCakes118
Size: 525KB
Sample: 240617-arydfavhpc
MD5: b5f4ecf1a13b7ef894523c990b963a84
SHA1: 7dfdc4f3d25f6b11c73e3eba0ffa5925c23ee7e2
SHA256: 157d4620189778ea181eb65ebcba012dc8c7af3a9a9cf3ceb6560daf91df940c
SHA512: 862e55e6619f072a8a0da44c63ddd6e1a7fd1a23daa0b4244a305b61c06d95a4ec1b158760990958163dce21042bf74bf6f083f37c8fcbb74bb001836476f0e4
SSDEEP: 6144:4n7MUMpVvo8i72Kqwiymx1IOkmykNnK5+gWxKbqQEskb+LOHwr6X/7cH9bMf2n8H:4kVvfA3FmXBykNn2bqFskuBr/qnp5
Static task: static1
Behavioral task: behavioral1
Sample: b5f4ecf1a13b7ef894523c990b963a84_JaffaCakes118.exe
Resource: win7-20240611-en
Malware Config
Extracted
formbook
3.9
private
Targets
-
-
Target
b5f4ecf1a13b7ef894523c990b963a84_JaffaCakes118
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-