General
-
Target
28e013c2654f47916f1a62cf09308cad_JaffaCakes118
-
Size
249KB
-
Sample
240329-wjfz3seb9w
-
MD5
28e013c2654f47916f1a62cf09308cad
-
SHA1
fa785ccc69ec30254ee9b81f87dca6764350075e
-
SHA256
fa5502396dc7ec0fc5508d901eb8b3e555558cdbaff338a1911db0edd4563b78
-
SHA512
69c2de2dd642e287a956baf250ebe592b00b93295600006232fe69e473dcd2dc350df2b0ecb7f92a3d0a20e35f8951bd8e25e6290bcf629df97e326e738f16ca
-
SSDEEP
6144:wBlL/c+xnpzVsgv3OOhxYwdrgR83DE+KO30Zo+zK:Ce+xnd3NxYwVgR2DE+uZ5m
Static task
static1
Behavioral task
behavioral1
Sample
28e013c2654f47916f1a62cf09308cad_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
28e013c2654f47916f1a62cf09308cad_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/yzwbonbom.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/yzwbonbom.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
formbook
4.1
rv9n
olivia-grace.show
zhuwww.com
keiretsu.xyz
olidnh.space
searuleansec.com
2fastrepair.com
brooklynmetalroof.com
scodol.com
novaprint.pro
the-loaner.com
nextroundscap.com
zbwlggs.com
internetautodealer.com
xn--tornrealestate-ekb.com
yunjiuhuo.com
skandinaviskakryptobanken.com
coxivarag.rest
ophthalmologylab.com
zzzzgjcdbqnn98.net
doeful.com
beatthebank.fund
deposit-pulsa2021.xyz
uptownsecuritysystems.com
thegroveonglendale.com
destinationth.com
healthcareuninsured.com
longhang.xyz
ypxwwxjqcqhutyp.com
ip-15-235-90.net
rancholachiquita.com
macblog.xyz
skillsbazar.com
beatyup.com
academiapinto.com
myguagua.com
fto8y.com
ohioleads.net
paravocebrasil.com
thecanyonmanor.com
acu-bps.com
comunicaretresessanta.net
schwa-bingcorp.com
discountcouponcodes-jp.space
kufazo.online
metaverge.club
800car.online
brendanbaehr.com
garfieldtoken.net
secretfoldr.com
13itcasino.com
marketingatelier.net
computersslide.com
marcastudios.com
thestreetsoflondon.life
maintaintest.com
cronicasdebia.com
apm-app.com
sepulchral.xyz
lodha-project.com
theartofsoulwork.com
swimminglessonsshop.com
klarnabet.com
control-of-space.net
heliumathletic.com
cjspizza.net
Targets
-
-
Target
28e013c2654f47916f1a62cf09308cad_JaffaCakes118
-
Size
249KB
-
MD5
28e013c2654f47916f1a62cf09308cad
-
SHA1
fa785ccc69ec30254ee9b81f87dca6764350075e
-
SHA256
fa5502396dc7ec0fc5508d901eb8b3e555558cdbaff338a1911db0edd4563b78
-
SHA512
69c2de2dd642e287a956baf250ebe592b00b93295600006232fe69e473dcd2dc350df2b0ecb7f92a3d0a20e35f8951bd8e25e6290bcf629df97e326e738f16ca
-
SSDEEP
6144:wBlL/c+xnpzVsgv3OOhxYwdrgR83DE+KO30Zo+zK:Ce+xnd3NxYwVgR2DE+uZ5m
-
Formbook payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/yzwbonbom.dll
-
Size
28KB
-
MD5
8b7c957c4a8ddf81d0ebb46d55054e1e
-
SHA1
6a17d7bf1915a1ccdfa39227a10fa443400af774
-
SHA256
1eaf128b2888192f6659cc7c70aa0db515057449f873f40e0fd3a3cd6a8105b0
-
SHA512
a6579a5c8a1f26b786cd29823d0106f0b876df41256b3c21fa5d7a041c3a696b62ae87dcd0fd1336240c82bce37ae7e0ecefbf8dbb6d57c57aeaf3e399f7b2e3
-
SSDEEP
768:reFQaNZMJyCAfbZjL46zh/DaorbG/9DdQF5M27z:ED9bZjDooPG1DdMDf
Score3/10 -