General
-
Target
204425d3c32bcb225060b2a9ada2ea80_JaffaCakes118
-
Size
672KB
-
Sample
240329-m3l6rsfc6v
-
MD5
204425d3c32bcb225060b2a9ada2ea80
-
SHA1
7059ea5532745e59e335df047ce32aeba0966712
-
SHA256
36b057fd0a44652f98ea54100f4f485ee743bd00b52400937fbd976a346d3192
-
SHA512
579b40c6a1615a9c8e2442abd521068b5e67293b35803013c20d9b2fa329941d37f30fc29f4f0aa53c98c9f061ec3e5ff1ba6087b599d01ad34849d0b9393360
-
SSDEEP
6144:BBlL/tT3xo4fd/4wO5A2ibMYMWExSt53XuidCLTcHo0IWKUDUGpYn+QmTKb2bUk4:HfTmMbM2ExaNHaTd0IWXDUGpYVm2KAr
Static task
static1
Behavioral task
behavioral1
Sample
204425d3c32bcb225060b2a9ada2ea80_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
204425d3c32bcb225060b2a9ada2ea80_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ejxtxep.dll
Resource
win7-20240319-en
Malware Config
Extracted
formbook
4.1
dn7r
eventphotographerdfw.com
thehalalcoinstaking.com
philipfaziofineart.com
intercoh.com
gaiaseyephotography.com
chatbotforrealestate.com
lovelancemg.com
marlieskasberger.com
elcongoenespanol.info
lepirecredit.com
distribution-concept.com
e99game.com
exit11festival.com
twodollartoothbrushclub.com
cocktailsandlawn.com
performimprove.network
24horas-telefono-11840.com
cosmossify.com
kellenleote.com
perovskite.energy
crosschain.services
xiwanghe.com
mollycayton.com
bonipay.com
uuwyxc.com
viberiokno-online.com
mobceo.com
menzelna.com
tiffaniefoster.com
premiumautowesthartford.com
ownhome.house
bestmartinshop.com
splashstoreofficial.com
guidemining.com
ecshopdemo.com
bestprinting1.com
s-circle2020.com
ncagency.info
easydigitalzone.com
reikiforthecollective.com
theknottteam.com
evolvedpixel.com
japxo.online
ryansqualityrenovations.com
dentimagenquito.net
pantherprints.co.uk
apoporangi.com
thietkemietvuon.net
ifernshop.com
casaruralesgranada.com
camp-3saumons.com
eddsucks.com
blwcd.com
deldlab.com
susanperb.com
autosanitizingsolutions.com
femhouse.com
ironcageclash.com
thekinghealer.com
shaghayeghbovand.com
advertfaces.com
lonriley.com
mased-world.online
mythicspacex.com
yourherogarden.net
Targets
-
-
Target
204425d3c32bcb225060b2a9ada2ea80_JaffaCakes118
-
Size
672KB
-
MD5
204425d3c32bcb225060b2a9ada2ea80
-
SHA1
7059ea5532745e59e335df047ce32aeba0966712
-
SHA256
36b057fd0a44652f98ea54100f4f485ee743bd00b52400937fbd976a346d3192
-
SHA512
579b40c6a1615a9c8e2442abd521068b5e67293b35803013c20d9b2fa329941d37f30fc29f4f0aa53c98c9f061ec3e5ff1ba6087b599d01ad34849d0b9393360
-
SSDEEP
6144:BBlL/tT3xo4fd/4wO5A2ibMYMWExSt53XuidCLTcHo0IWKUDUGpYn+QmTKb2bUk4:HfTmMbM2ExaNHaTd0IWXDUGpYVm2KAr
-
Formbook payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/ejxtxep.dll
-
Size
35KB
-
MD5
04b0a2f77eaa9e7ae4b8b64dbbb75919
-
SHA1
54cdfbfb1d1fb9aedde9b24d91b164d3034d585b
-
SHA256
aa486b35bed54d5574bb3aa10cfb43f124fe23e950eb0572f6e5037f54079025
-
SHA512
fb8c2182c6874b949153f9d29fb40bc522073c639ce02238afa2e0cd121f5ddfdcff9d5d02f304140f941ab6ddbd8b2fadd5f71ad4b445ed18d36960c00c8e75
-
SSDEEP
384:fBLnOdRSzQjjzfR0WqhWd2tHBZMW3JNSx938rbfOwIu+Fn1:f8dGQjjzpXXd2tHBZMW3JNSx9MruFn
-
Formbook payload
-
Suspicious use of SetThreadContext
-