General
-
Target
bb53429c934474eb4ae15362b0b0fed9_JaffaCakes118
-
Size
745KB
-
Sample
240618-lyds6asenp
-
MD5
bb53429c934474eb4ae15362b0b0fed9
-
SHA1
88339aea119d80c639e1e98483936a8ca92e7fce
-
SHA256
0497ec7bb66f401d56abc2f7d3aec12a4ca977d9ef122513a0781119a949b248
-
SHA512
5b24c177f0e252547475258d5caa5dfbf58d16d3de48224d00bca0b3edee9b5d505d33c24c58a0a86dc5832425b26431f9145967ca9ddf53a116cf7a9915cffa
-
SSDEEP
12288:uPq7y8gnl7DlLgY+/HY0nwNtA8utQyoHGaoe6Xk0eXhMMWTIMjdW3rYgbFT/c:cqO7LgYsVw3DlyGiQOVIM5W3kg5T/
Static task
static1
Behavioral task
behavioral1
Sample
bb53429c934474eb4ae15362b0b0fed9_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Extracted
formbook
3.8
hx251
Targets
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-