General
- Target: 21054066a9306b448e32a28c43a5c2dd_JaffaCakes118
- Size: 419KB
- Sample: 240329-nqs9zsgf49
- MD5: 21054066a9306b448e32a28c43a5c2dd
- SHA1: 2741e2a11ba8e5196cd406a19ddb90ad1b39782a
- SHA256: 319031aef57695e9e163907f23b335c31851a3511ce5de8109913a877b75854b
- SHA512: 4d6eb6361f5eefd3d0b294443d4734bb9206483e017384065760b275d1d63323c1721cbce5e3c9e5b60c7929a454871e877f997c006e6ac7fd4d0a6b038adb03
- SSDEEP: 12288:KI63shJunufpL/ymtL3Wpd36BseLdSE2DAoQ+g+pX:ys/uut/ymtL3WXKZdShDAoKAX
Static task: static1
Behavioral task: behavioral1
- Sample: Document RFQ#8086A_461A_0000086_300_3550_2021.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: g8ni
Targets
- Target: Document RFQ#8086A_461A_0000086_300_3550_2021.exe
- Size: 510KB
- MD5: a445dd187c6dc7254da6d2f0d893f2fb
- SHA1: c0548d4ed4a9c2b68fbcf592e9a892fa587d5b0e
- SHA256: 2a2187ae775f286c2400957b71aac1c550779fc6652a710d126546d4d4879f0f
- SHA512: ec8fb387474fe1a737ea46d67e5b2e363ecb6c35634e1af63e465fb487c8ae2b7684d128d8ea982d6234110dee83a4601b6fba64f05765a41927f580520c527e
- SSDEEP: 12288:ogcvFMGTRKGUjCh6MCpMBWlzXu9TysHr6NOjqMIw+Nyqq9gdWf9od:qvAjCh6MCpnl+4xOOj3yqAgdio
- Formbook payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Suspicious use of SetThreadContext