General
- Target: 7d5de0b0b7023f599a2f85449b7ae61d_JaffaCakes118
- Size: 513KB
- Sample: 240401-3j8hnaab8t
- MD5: 7d5de0b0b7023f599a2f85449b7ae61d
- SHA1: e5a3d7da738385f8574665624ff49e280dd99cee
- SHA256: 59689db6df4c60d3c69edc9d19d5af95827dbabc49d9d339ddffb22bbb03ef69
- SHA512: 5eafb424473da42b46963367d58eda072011a6ad094c640de962629874a90e328ae2cde3670ab808c376e3cf40e4329cec4a9dd8d7fbc1494150a247b31f7eec
- SSDEEP: 12288:x0Tj3ljGdg32U7bBZHZ1c9KBwCw8UNjRHj9VbpX:x0Hlag32+dJZ1cCwCw8q1l
Static task: static1
Behavioral task: behavioral1
- Sample: 7d5de0b0b7023f599a2f85449b7ae61d_JaffaCakes118.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: rigx
- Decoy domains:
cisworkfromhome.com
pizzanpickle.com
southusen.com
pinarekinci.com
themilocat.com
goio.digital
smoothed-way.com
lifeinformpodcast.com
transforming-leadership.com
winebreak.net
diversityleadershipprogram.com
orrisinvest.com
mylearningplaylist.net
chiromsrealestate.com
todaychat.info
solevux.com
giacomodifino.com
escortagents.com
handstandsandhairties.com
getsettn.com
rocketsanitizerbox.com
ryanmelissa.com
loiriemagazine.com
comparedietdrops.com
email-m3comva.com
lescopainsdumarche.net
samhing-hk.com
themomentummakers.com
thmmet.com
theluxgalveston.com
makelifesimpleagain.com
133holbertonstreet.com
ingam.design
svgrbyts.com
reunalia.com
zumish.com
202scott.com
onllinetestbot.com
homeofficetipps.com
jollyfriendsglobal.com
gardenstatemasks.com
parkinsonfound.com
fitpowersport.com
decentrall.com
zodiacoflauderdale.com
0afd.xyz
klutinariverfishing.com
wanderlustmeetsmotherhood.net
t7890.com
espressomaschinen.store
templarsy.com
parastrong.com
nongbake.com
abcjapanese.com
adorti.com
sweeplux.com
ssmjoin.com
polyassemble.com
sellmyhihome.com
pekalonganhost.com
sautilidades.com
customwoodcuttingboards.com
mindyourownbizzness.com
jiujitsuspa.com
diofis.com
Targets
- Target: 7d5de0b0b7023f599a2f85449b7ae61d_JaffaCakes118
- Size: 513KB
- Formbook payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext