General
Target: bc0ef9408fc18184938d89d695f8fb2b_JaffaCakes118
Size: 468KB
Sample: 240618-p7j83sydpp
MD5: bc0ef9408fc18184938d89d695f8fb2b
SHA1: e6198d3ab82269f4d4c6309c918330190dcf693c
SHA256: 6698735d635bc7b991236e31da603fd2f08cb9c2e41fbc8c0aed7efbdf63f9a7
SHA512: 9397077dd2388af14a39aad7191ad05e0f9a40faea7e44ea879a56bd44da3a5fbbcaa2792486c145d1166f9fd8dbf8c2ee47803221758c07b6634822f4eb65db
SSDEEP: 6144:QEsI1tKVCRk4tywG4JSW2H79BKZ2RLHVIgFXAExTAvVSMfGdZ1z:QESVp4tyJ4YH7q2QNE+NNfGd

Static task
static1

Behavioral task
behavioral1
Sample: bc0ef9408fc18184938d89d695f8fb2b_JaffaCakes118.msi
Resource: win7-20240508-en

Behavioral task
behavioral2
Sample: bc0ef9408fc18184938d89d695f8fb2b_JaffaCakes118.msi
Resource: win10v2004-20240611-en
Malware Config
Extracted
Family: formbook
Version: 3.8
he
Targets
- Formbook payload
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
- Installer Packages (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
- Installer Packages (1)