General
Target: 8468dbf51cc7e194f0b09e53445e866e_JaffaCakes118
Size: 628KB
Sample: 240402-fq11tshh73
MD5: 8468dbf51cc7e194f0b09e53445e866e
SHA1: c170e0b8ff48a69cd4d3b9b7e139321ab9727c22
SHA256: e3e10b5aa08565bae384a6e5471e2932ded7e82a2588d287eb23ea80d86d06fe
SHA512: 1e45a4ede70de2b7fdfa9382670e3225d4bb957d578fd63b347f9d584972911205fcfa9265bbd486f02fa5bfa9080991ae27770e0efee72adcfa76bbcecfa3bc
SSDEEP: 12288:D1Mdxg2ZVGd6SBbrVQMblWlkSUgMla4u9yXntHvRSBhA:D1Mda27o6q+IYlV6kBh
Static task: static1
Behavioral task: behavioral1
Sample: 8468dbf51cc7e194f0b09e53445e866e_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
formbook
4.1
nhk9
livinginroanokeva.com
entpiregaming.com
solutionsolvegh.com
glasgowcmr.com
gutesbenehmen.com
gracecitychurchmadison.com
linkalto.com
waahingtontimes.com
hxcked.com
buyung.xyz
asesormarketing.digital
bolodl.com
blushnbella.com
overhalldiesel.com
loveyorkshirecoast.com
puffpornandpizza.com
virgilisticlifestyleinc.com
clingnseal.com
artisantop.com
webinarsusa.com
motherhoodnewsletter.com
haxb33.xyz
jyumaiso-onsen.com
bitcoin-code.info
japoenes.com
asesoriasfc.com
paysamba.com
thesmartartcompany.com
leekus.com
buylowsellshort.com
theboringminds.com
jxycbj.com
hudsonconstruction-vplay.com
soeru-shop.com
burgersandbarley.com
sulinemedical.com
cxl-sales-solutions.com
billingswildlifetrapper.com
makeupada.com
secryptor.com
prismoutsourcing.com
lztlrl.com
africanhornspellcaster.com
singaporeair.club
xpj22151.com
gofmantaveras.com
foundflourish.com
stormwords.com
ammfx.com
chesterpamovers.com
sillysignificance.com
goodessentialsproducts.com
springbrookcreek.com
topseriespern.com
pettocushion.com
hy5designs.com
outsourcing-avocat.com
charmflare.com
manifestopop.net
globalworldavertising.com
azdoseofdesign.com
myparadisepartners.com
oakleticfitnesstraining.com
ecommerceprod.com
fenhouses.com
Targets
Target: 8468dbf51cc7e194f0b09e53445e866e_JaffaCakes118 (628KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Formbook payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext