General
-
Target
b745c75293702c7e47b3c1cafea29d65_JaffaCakes118
-
Size
578KB
-
Sample
240617-hlnaaaygjb
-
MD5
b745c75293702c7e47b3c1cafea29d65
-
SHA1
51b09d18da82e065b48e79c8ca1a53a00219b62c
-
SHA256
76c5f5e72040b7558eb45e8bf87a551f7ccbd67440b4b7ede1a62e579f69f4de
-
SHA512
9eb5d3952a60e094fb370b9f479a6c1a7cdc7fe9d0f3ea445c4e76750f829b819e628c396b31343833e03584882ecfc0676ee3a9f92e90b53600cb5cde6ddc26
-
SSDEEP
12288:tS2a83T3IKwfUu2iKepGZIHsgEUkVyn3TcWItO:tVd3TYr6IpGJgTwynjcW8O
Static task
static1
Behavioral task
behavioral1
Sample
b745c75293702c7e47b3c1cafea29d65_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
formbook
3.8
el
visioncorp.biz
ligriefrelief.com
yadtika.com
tradiscovery.com
merrittandstyle.com
tongcheng.ltd
omclove.com
gronnbygg.com
mragenciesindia.com
14u4.com
thewatchmart.online
urlaubsvideos.net
fmud.ltd
500proxy.online
nisargsangitagrotourism.com
qyygame.com
childhaus.com
431opebet.com
nlpu4n8r41.biz
phoebus-tech.com
butlerboergoats.com
xiangyueba.com
ichirakus.com
agenlampulalulintas.com
263shop.com
5mzmy.com
hulanwang099.com
alexanderhaye.com
raccal.info
streetsurface.com
tenhofe.com
6582365.com
guratnqdk.com
support-secure-login.com
babyfeedingmats.com
sxlexue.com
porschespalette.com
sxxazs.com
thai-blogs.life
ituklifeinsuranceok.live
cdn-network26-server2.biz
6liuwei.site
oyku.online
goodcausetshirts.com
bbb703.com
tjfcjflaw.com
shape-magazine.site
isotecnik.com
divercode.com
dijongfood.com
italiacuoremio.com
ddiplomata.com
andalibh.com
jbwrfi.faith
additivepass.com
buildmeadream.com
pureandfriendly.com
rdv-oyats.com
heidis-reinigungsservicecom.com
hunli.ink
walnutcreekcalawservices.com
stayabovetheclouds.com
789899.net
xqrunr.com
aboutyd.com
Targets
-
-
Target
b745c75293702c7e47b3c1cafea29d65_JaffaCakes118
-
Size
578KB
-
MD5
b745c75293702c7e47b3c1cafea29d65
-
SHA1
51b09d18da82e065b48e79c8ca1a53a00219b62c
-
SHA256
76c5f5e72040b7558eb45e8bf87a551f7ccbd67440b4b7ede1a62e579f69f4de
-
SHA512
9eb5d3952a60e094fb370b9f479a6c1a7cdc7fe9d0f3ea445c4e76750f829b819e628c396b31343833e03584882ecfc0676ee3a9f92e90b53600cb5cde6ddc26
-
SSDEEP
12288:tS2a83T3IKwfUu2iKepGZIHsgEUkVyn3TcWItO:tVd3TYr6IpGJgTwynjcW8O
-
Formbook payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-