General
Target: 084d9c372d05fc7450a7acc2d730e40a_JaffaCakes118
Size: 816KB
Sample: 240624-nthyestekm
MD5: 084d9c372d05fc7450a7acc2d730e40a
SHA1: e87fbc8d77a456d97cd0c7d8a1f69752f2ef50b0
SHA256: f12df428fa830292897aabb6f73c5ecf96e855e278c3320e21e45629c84bf9ef
SHA512: c3655b286f886b5665ec0dffcea84687046170b72add2a23f287ea8fd3df5cd7daeb402ab5d9af25b163bc454bfa0c30e7f39d2cbfa1dbc385b7575ff92e6dfb
SSDEEP: 12288:AlNwTyzx+jxivZgVm2WCD1QbwBaYCQJVHmlZ:AlNwWN+jwZSm2ZivqJVHyZ
Static task: static1
Behavioral task: behavioral1
  Sample: 084d9c372d05fc7450a7acc2d730e40a_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 084d9c372d05fc7450a7acc2d730e40a_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config (extracted)
Family: formbook
Version: 4.1
Campaign: dyt
Domains:
tg0913.com
fhehsjeh.com
hoslergroup.com
bradfordsahm.com
dopefuse.com
4vrlwi.site
greyboxautomations.com
codedlock.com
manifester.guru
luckyvertical.com
marvitrans.net
blushinglips.wine
shreeshyamexporters.com
bkdn.xyz
susanenglert.net
caprichodigital20.com
reianswers.net
alejandrobrand.com
drsineadbeirne.com
dijitak.com
naturally-toned.com
designed4youevents.com
socksofcolors.com
dongzhenwl.com
pinkopalboutique.com
sptrading.company
innocentandnaive.com
zhongwu.tech
evokealpha.com
humanitera.international
so0551.com
eacvea.com
plus1joinersandbuilders.com
coolartgallery.com
theholinesshousewife.com
admoney.info
bakldx.com
contenttoincome.com
royalpetcanvas.com
mosella.online
surkentkuruyemis.com
nomadroams.com
cezede.com
spleafpro.com
thepreventivemedicine.net
quatormi.site
norsk-medisin.com
connecting4fun.com
enecaa.com
keller-bec.com
sensvia25.com
summerlively.com
eseskalierteh.com
longwoodlife.com
lesavonbyannvictoria.com
fessucesesee.com
sportscircleindy.com
sulukozukremi.com
ajreality.com
scattershotgames.com
mediclyft.com
casinobigbank.com
jasminesecretshop.com
njcfpnetwork.com
guanmei2020.com
Targets
Target: 084d9c372d05fc7450a7acc2d730e40a_JaffaCakes118
Size: 816KB
MD5: 084d9c372d05fc7450a7acc2d730e40a
SHA1: e87fbc8d77a456d97cd0c7d8a1f69752f2ef50b0
SHA256: f12df428fa830292897aabb6f73c5ecf96e855e278c3320e21e45629c84bf9ef
SHA512: c3655b286f886b5665ec0dffcea84687046170b72add2a23f287ea8fd3df5cd7daeb402ab5d9af25b163bc454bfa0c30e7f39d2cbfa1dbc385b7575ff92e6dfb
SSDEEP: 12288:AlNwTyzx+jxivZgVm2WCD1QbwBaYCQJVHmlZ:AlNwWN+jwZSm2ZivqJVHyZ
Signatures:
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext