General
-
Target
b7189c8229baecede904e58eff8438c7_JaffaCakes118
-
Size
420KB
-
Sample
240617-gq8w4sxdqe
-
MD5
b7189c8229baecede904e58eff8438c7
-
SHA1
e3637bd5028b35dddd27fc1f836076cd4ba3eb61
-
SHA256
a47718c57ed25e5c30f0ea7c68952d6aae4ec1f4f0e889d7edae01228334cd14
-
SHA512
15587ae65ac51b87ada349b2a4acd8333ac61687cfda1de9846630a3123154a7621398b1d8bbeff511e19b4c0d9b3180010059383c61bf0109388585cdc824f5
-
SSDEEP
12288:q6/vbcscYE/kaI6mdVHq+dTQT/cHcFZcmD:qGArYEMaI6mdVHRycHgcm
Static task
static1
Behavioral task
behavioral1
Sample
b7189c8229baecede904e58eff8438c7_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
formbook
3.9
be
Targets
-
-
Target
b7189c8229baecede904e58eff8438c7_JaffaCakes118
-
Formbook payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-