General
-
Target
1b02b2110a83c75e00319da7df7f1ed3_JaffaCakes118
-
Size
507KB
-
Sample
240701-mx2n9sxcqg
-
MD5
1b02b2110a83c75e00319da7df7f1ed3
-
SHA1
01ca66b6bd83c1c4e9168767422815b327bfa2a2
-
SHA256
6a0c21a5a37e307becd9ed9bdee0f3f41e3d1a61847a6e9ae272ec891d4f7728
-
SHA512
93eee319549c963b9639a1bdf05f872e7834afdbd6fc7167cd40cb579e607e7b212c259cb8aae08190f0c827e0da448903a161f1ae98ee397c38afa8059ac2ce
-
SSDEEP
12288:pSlQOcPTxF0cvmpJZIxXwWW2WiZnqrw+fuJptW+3e3miUZ:OKTxacvmPZIxjmiFqr/u1LUC
Static task
static1
Behavioral task
behavioral1
Sample
1b02b2110a83c75e00319da7df7f1ed3_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Extracted
formbook
4.1
ffw
unmutedgenerations.com
localmoversuae.com
centralrea.com
geyyfphzoe.com
silverpackfactory.com
techtronixx.com
shop-deinen-deal.com
buehne.cloud
inspirefreedomtoday.com
chapelcouture.com
easton-taiwan.com
quanaonudep.store
merzigomusic.com
wpzoomin.com
service-lkytrsahdfpedf.com
yeasuc.com
mydogtrainingservice.com
galeribisnisonline.com
cscremodeling.com
bom-zzxx.com
ensobet88.com
vegancto.com
digivisiol.com
advancetools.net
gzqyjd.com
xtgnsl.com
ftfortmyers.com
g-siqueira.com
ufdzbhrxk.icu
tiekotiin.com
youschrutedit.com
takahatadenkikouji.com
goodfastco.com
jtelitetraining.com
planet-hype.com
gigwindow.com
levelxpr.com
besttechmobcomm.info
funneldesigngenie.com
mylisting.cloud
alltwoyou.com
mortgagesandprotection.online
monthlydigest.info
senlangdq.com
postphenomenon.com
slymwhite.com
masonpreschool.com
wahooshop.com
meridiangummies.com
samsungpartsdept.com
saludbellezaybienestar.net
vickifoxproductions.com
shawandwesson.info
nutrepele.com
gorillatanks.com
praktijkinfinity.online
lanteredam.com
refinedmanagement.com
tiwapay.com
fruitsinbeers.com
charliekay.net
realironart.com
sonsofmari.com
kedingtonni.com
evolvekitchendesign.com
Targets
-
-
Target
1b02b2110a83c75e00319da7df7f1ed3_JaffaCakes118
-
Size
507KB
-
MD5
1b02b2110a83c75e00319da7df7f1ed3
-
SHA1
01ca66b6bd83c1c4e9168767422815b327bfa2a2
-
SHA256
6a0c21a5a37e307becd9ed9bdee0f3f41e3d1a61847a6e9ae272ec891d4f7728
-
SHA512
93eee319549c963b9639a1bdf05f872e7834afdbd6fc7167cd40cb579e607e7b212c259cb8aae08190f0c827e0da448903a161f1ae98ee397c38afa8059ac2ce
-
SSDEEP
12288:pSlQOcPTxF0cvmpJZIxXwWW2WiZnqrw+fuJptW+3e3miUZ:OKTxacvmPZIxjmiFqr/u1LUC
-
Formbook payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-