General
-
Target
72f8696930aea206f91b39a551ffe093_JaffaCakes118
-
Size
366KB
-
Sample
240401-rbfxwsfe8w
-
MD5
72f8696930aea206f91b39a551ffe093
-
SHA1
a01cc8127d8afaaec98274d3db9504d364c9a33a
-
SHA256
45e8fd9c2d454cbd2012f8cb1a3799fd70a470e5e82485c0df4f8b330e0c8ac5
-
SHA512
da08667edd15f153629ff0d6f02896811261c54374c8076f0a4e3501f6c1e566fd2362071fd148ccdedca89e58146d0997e3d81f29fc657736dedde0e91e09cf
-
SSDEEP
6144:5aC13sUBxC43q4JVRa6uTULqlLtgg9ulcsZGqU3skZQN/QvDecY:5VRsUBE46YVRt9qlLtggZsk932N/Qvip
Static task
static1
Behavioral task
behavioral1
Sample
72f8696930aea206f91b39a551ffe093_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
formbook
4.1
dv9n
Targets
-
-
Target
72f8696930aea206f91b39a551ffe093_JaffaCakes118
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-