General
-
Target
49c8f6c2c3906190a4a37b80fab5da5b_JaffaCakes118
-
Size
476KB
-
Sample
240331-b4emjaca74
-
MD5
49c8f6c2c3906190a4a37b80fab5da5b
-
SHA1
2c62e4511d83bb5dc255073fbbdacb1e853dbe35
-
SHA256
bc27791cfd964022a456b60694bf22360192d2abcb94ec729568ea27bb72c594
-
SHA512
2ca785a58a8c8e7b2d7c5fa9fdb11a07e8f491bd8ae81b90918a1ddd271040c86eb45402b5da65acb2e2dc2a8413e32f4913bcbd07cedd3b4f7f5e20a9b08512
-
SSDEEP
12288:ic3Q3qCx33stE33333333u33K6fw6b9qbCDQPE1lvAcINEcm272:iksCD02lIFE62
Static task
static1
Behavioral task
behavioral1
Sample
49c8f6c2c3906190a4a37b80fab5da5b_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
formbook
4.1
s2wt
yukiyamaapperal.com
rumasultan.store
japaese.com
quangphatloi.com
148atk.xyz
myheatstore.online
theedeneconomy.com
5xssc1.icu
krakensistem.xyz
gwangyo.com
lj-safe-keepingkokoka6.xyz
naturetheaterofoklahoma.com
perayaanwisudaitb.com
hrbsxxf.com
allencountypallet.com
vizit-app.com
startstartnow.com
inviertechile.com
haysneedlepotracks.com
cfdbestbroker.online
ganeshow.com
mewe3.com
mmghealth.com
9bcesr.icu
guanqunchicheng.xyz
kylemoles.com
theamericansweepstakesblog.com
norlogthermo.com
trademarkrights.net
uedty15.com
alphabalustrades.com
ezmiao.com
sharedconnexions.com
alpendevelopment.support
bypyb.mobi
clinik7.site
lxssc6s.icu
ranchoguejitosteaks.com
surferjackproductions.com
homeandbamboo.com
visioneverything.com
sf7a4kz80e.xyz
somebrightday.com
duo-pain.com
gurumantra4u.com
mediamu.online
decxil.xyz
zgnorthodontics.com
xn--bl-pn3e57s.com
nfluencesolutions.com
rosebagster.us
lanstea.com
nelycassociates.com
springflowerstore.com
dellstudio22.com
bedokipol.store
dreamdestinationvacation.net
zachary-lee.com
yusika-official.com
px133.com
nrconsultingservicellc.com
ddkuperman.com
capacityfamily.net
monosuitemilano.com
neumanesseriran.com
Targets
-
-
Target
49c8f6c2c3906190a4a37b80fab5da5b_JaffaCakes118
-
Size
476KB
-
MD5
49c8f6c2c3906190a4a37b80fab5da5b
-
SHA1
2c62e4511d83bb5dc255073fbbdacb1e853dbe35
-
SHA256
bc27791cfd964022a456b60694bf22360192d2abcb94ec729568ea27bb72c594
-
SHA512
2ca785a58a8c8e7b2d7c5fa9fdb11a07e8f491bd8ae81b90918a1ddd271040c86eb45402b5da65acb2e2dc2a8413e32f4913bcbd07cedd3b4f7f5e20a9b08512
-
SSDEEP
12288:ic3Q3qCx33stE33333333u33K6fw6b9qbCDQPE1lvAcINEcm272:iksCD02lIFE62
-
Formbook payload
-
Suspicious use of SetThreadContext
-