General
-
Target
20516c4fdd5362027e7383befed47ed7_JaffaCakes118
-
Size
251KB
-
Sample
240329-m436nsfd2t
-
MD5
20516c4fdd5362027e7383befed47ed7
-
SHA1
3e58bfa088d92fad5b748723e9e5efde54ab3f99
-
SHA256
19f4dafb701e0d7f58c46397026e8d74b8d63fafe58caf3fa44739bb5bc41bb9
-
SHA512
f7d5d8005bba7a99f0b1f620acc106542cb5b2023ef61a3de2453a9e25ddb0b5b9f344766b6b182c4c5f398fb5f91ea401d0d907544bf409885f86e162421071
-
SSDEEP
6144:wBlL/cZDa0KovsPeZFzD82T2x53/tc2VfM7jZm:CeorZmPn82T2xFtcCfM7j0
Static task
static1
Behavioral task
behavioral1
Sample
20516c4fdd5362027e7383befed47ed7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
20516c4fdd5362027e7383befed47ed7_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/vmmein.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/vmmein.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
formbook
4.1
rv9n
olivia-grace.show
zhuwww.com
keiretsu.xyz
olidnh.space
searuleansec.com
2fastrepair.com
brooklynmetalroof.com
scodol.com
novaprint.pro
the-loaner.com
nextroundscap.com
zbwlggs.com
internetautodealer.com
xn--tornrealestate-ekb.com
yunjiuhuo.com
skandinaviskakryptobanken.com
coxivarag.rest
ophthalmologylab.com
zzzzgjcdbqnn98.net
doeful.com
beatthebank.fund
deposit-pulsa2021.xyz
uptownsecuritysystems.com
thegroveonglendale.com
destinationth.com
healthcareuninsured.com
longhang.xyz
ypxwwxjqcqhutyp.com
ip-15-235-90.net
rancholachiquita.com
macblog.xyz
skillsbazar.com
beatyup.com
academiapinto.com
myguagua.com
fto8y.com
ohioleads.net
paravocebrasil.com
thecanyonmanor.com
acu-bps.com
comunicaretresessanta.net
schwa-bingcorp.com
discountcouponcodes-jp.space
kufazo.online
metaverge.club
800car.online
brendanbaehr.com
garfieldtoken.net
secretfoldr.com
13itcasino.com
marketingatelier.net
computersslide.com
marcastudios.com
thestreetsoflondon.life
maintaintest.com
cronicasdebia.com
apm-app.com
sepulchral.xyz
lodha-project.com
theartofsoulwork.com
swimminglessonsshop.com
klarnabet.com
control-of-space.net
heliumathletic.com
cjspizza.net
Targets
-
-
Target
20516c4fdd5362027e7383befed47ed7_JaffaCakes118
-
Size
251KB
-
MD5
20516c4fdd5362027e7383befed47ed7
-
SHA1
3e58bfa088d92fad5b748723e9e5efde54ab3f99
-
SHA256
19f4dafb701e0d7f58c46397026e8d74b8d63fafe58caf3fa44739bb5bc41bb9
-
SHA512
f7d5d8005bba7a99f0b1f620acc106542cb5b2023ef61a3de2453a9e25ddb0b5b9f344766b6b182c4c5f398fb5f91ea401d0d907544bf409885f86e162421071
-
SSDEEP
6144:wBlL/cZDa0KovsPeZFzD82T2x53/tc2VfM7jZm:CeorZmPn82T2xFtcCfM7j0
-
Formbook payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/vmmein.dll
-
Size
35KB
-
MD5
82db187a22da883f403c64b9eca9eea0
-
SHA1
c0bd3fa3bb7116eb50fa593b7d5a40751c6092d3
-
SHA256
2add9d3b455a4fcc5b18bc64bf5c798761792db3c0b4124ce40ff4283d7d23b2
-
SHA512
7d6c35c546167eddf07296016f29dcfc10c6431f5d05bfe987289254c642665bf1fc0477ca356c501aa16fc5577a37b1f104aaab5b2eef8f21beb72f5c075fca
-
SSDEEP
384:cd6LrnOdRSwnijvf1UyqhWd2kFmMW3JNF6YGrUJx/wfZR:OoKdlnijv9DXd2kQMW3JNF6YGrmRwR
-
Formbook payload
-
Suspicious use of SetThreadContext
-