General
-
Target
79540ebde70af8572665959a6bd06332_JaffaCakes118
-
Size
590KB
-
Sample
240401-yyrq8seb7z
-
MD5
79540ebde70af8572665959a6bd06332
-
SHA1
3bd50cdb398de8cd76729d340100734a7660f731
-
SHA256
a26563b8bb82e71f54068820dd88b7de84199111b66e33af94c09e2344d9db74
-
SHA512
705a0750432072ab20a3d078254e1d50d36d08482d662cdd3521b2510fc5490d8db0d446080ea6c6a3ed60d3e33bb39e8c964c56c54b622076ca31af92309157
-
SSDEEP
12288:+hvwUOk/dNW+wCzc6kgzLKhMsVBNAPd86Uy+0:GYUOkfWbKqhMsVBNgoy+
Static task
static1
Behavioral task
behavioral1
Sample
79540ebde70af8572665959a6bd06332_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
formbook
4.1
cl8k
georgiaprfirm.com
rhinosafeinc.com
gandgpublishing.com
angelyangelarquitectos.com
formation-gallery.com
orangecountyipadrepair.com
aplearn.info
freshlucky.com
wrapfestival.com
zerosarentals.com
ff7a9vlt7.xyz
teachbing.com
mukos.xyz
baojianma.com
dermalaf.com
hannahandpatrick2022.com
yesilnoktam.xyz
theroyalhotels-kw.com
reisebazaar.online
senergypallet.com
proguardsbuilding.com
youarethemusic.com
sweetpomsforfamily.com
bluematrixcapital.com
global-constructions.com
lecoincryptofrancais.com
oralexpressions.com
sunriseiqwkij.xyz
msp2csp.com
heatherjonessold.com
meredithhamrick.com
jandefencing.com
compressionsocks1.com
xgn333.com
pamelasmithbickford.com
ourtribefive.com
voyagerclimate.com
toloroy.site
draketeamloans.com
callousrtvvbm.xyz
lightswaranwgt76.xyz
fxjg.net
97139.xyz
ismailkhayatgallery.com
archseducer.com
decocodeshop.com
cryptoex.space
dauntlesssmma.com
sword-electric.com
connextpr.com
nomundays.com
cruiser.ltd
kansasjersey.com
rewardsadvisorsite.com
sm-medical-consulting.com
grand-magic-hotel.com
tangnalihu.net
kerggon.xyz
shopdrmai.com
safety4event.com
redoakrev.com
rutaskate.com
topseniorsamxrewerds.com
saludyvida.info
lightiroanwgt76.xyz
Targets
-
-
Target
79540ebde70af8572665959a6bd06332_JaffaCakes118
-
Size
590KB
-
MD5
79540ebde70af8572665959a6bd06332
-
SHA1
3bd50cdb398de8cd76729d340100734a7660f731
-
SHA256
a26563b8bb82e71f54068820dd88b7de84199111b66e33af94c09e2344d9db74
-
SHA512
705a0750432072ab20a3d078254e1d50d36d08482d662cdd3521b2510fc5490d8db0d446080ea6c6a3ed60d3e33bb39e8c964c56c54b622076ca31af92309157
-
SSDEEP
12288:+hvwUOk/dNW+wCzc6kgzLKhMsVBNAPd86Uy+0:GYUOkfWbKqhMsVBNgoy+
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-