General
-
Target
13b21115bd414b3cff0365351398e92a_JaffaCakes118
-
Size
823KB
-
Sample
240626-2ckbtazgkl
-
MD5
13b21115bd414b3cff0365351398e92a
-
SHA1
8a017b7cfc0128c584b64cf8b531e9387a211858
-
SHA256
bf84393caee9b769b516681ec8998afe26c22255c405ea9a027608ccf38ea36b
-
SHA512
30681b65911dffd7091ef72e08f0e54197b4f153f89f77590e0d7f714b59066fb95e8861616f44cbcf01b15b148a69bf6dcb02207f73daf2a1ed0067fac0d309
-
SSDEEP
12288:oLXHsXw4voVatmZZgVm2WCDSZcWl76imBp4EmJi:QXHGTvcA4ZSm2ZymT4EmJi
Static task
static1
Behavioral task
behavioral1
Sample
13b21115bd414b3cff0365351398e92a_JaffaCakes118.exe
Resource
win7-20231129-en
Malware Config
Extracted
formbook
4.1
pep
whitelabelgraphics.pro
futureguidefilms.com
mission-duplex.com
rutherealty.com
acehardwaremall.com
potenb.com
tbhawt.com
momentum-ip.group
m8sr8s.com
cfwagner.com
umiyama-eri.com
klantenvinden.com
simplycasd.com
visionhomerecruiting.com
inkjet-material.com
banking-aib.com
fast1performance.com
eventsbyja.com
breuer.network
smartecelectronics.com
vtbunkie.com
lexingtonclarke.com
ayintapbaklava.com
sugarstyleearrings.com
caiyanxi.com
the2mblueprint.com
bakldx.com
7choicesar.com
jesusencounterminisries.com
lamptail.com
bobkeet.com
chasingplanet.com
obernix.com
managementgpus.mobi
tcunionnet.com
hydzonised.com
jennie-espy.com
animeinkcon.com
hesovery.cool
bvilifemagazine.com
medicareworldnewsreport.net
zdrowykon.com
atenmedilatam.com
dlasso.com
7si3.com
seasonedsupport.com
29essentials.com
cnpuhang.com
yyaa2.net
neocareadvisory.com
tblsportshoes.com
chohub.com
initiationpodcast.com
architex.info
jamietylerlee.com
diusae.com
sun-go24.com
rfeap.com
safunerepublic.com
juanluanzi.com
neptuneribs.com
defocasc.com
tatilingerie.com
all-env.com
triumphantlytransformedbk.com
Targets
-
-
Target
13b21115bd414b3cff0365351398e92a_JaffaCakes118
-
Size
823KB
-
MD5
13b21115bd414b3cff0365351398e92a
-
SHA1
8a017b7cfc0128c584b64cf8b531e9387a211858
-
SHA256
bf84393caee9b769b516681ec8998afe26c22255c405ea9a027608ccf38ea36b
-
SHA512
30681b65911dffd7091ef72e08f0e54197b4f153f89f77590e0d7f714b59066fb95e8861616f44cbcf01b15b148a69bf6dcb02207f73daf2a1ed0067fac0d309
-
SSDEEP
12288:oLXHsXw4voVatmZZgVm2WCDSZcWl76imBp4EmJi:QXHGTvcA4ZSm2ZymT4EmJi
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-