General
-
Target
a9529e72ea3c3b4f0c5dfe1915c17a8a_JaffaCakes118
-
Size
255KB
-
Sample
240403-288dhsfg9x
-
MD5
a9529e72ea3c3b4f0c5dfe1915c17a8a
-
SHA1
a2f76981ad79f9358a5ac54ed9ae9ecb47a45286
-
SHA256
9f35623c249226a739c810db0da1b7332b9d98222e9e50c8aaa001edcf505af1
-
SHA512
4b5323e779f6a0b2f78793004b6c7e8b7bba3be373fc67a9d6471bf95baeb2b38855068c423d49b76ba3fc153a6a100157ad0487230de5471b8de42ab2e152b4
-
SSDEEP
6144:wBlL/chpgBO5InEpwL/G/HybZfrc0K4/yMAEj8VHmVli:CeDNWnEWjG/SNT3K4ci0Eli
Static task
static1
Behavioral task
behavioral1
Sample
a9529e72ea3c3b4f0c5dfe1915c17a8a_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
a9529e72ea3c3b4f0c5dfe1915c17a8a_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/itfd.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/itfd.dll
Resource
win10v2004-20231215-en
Malware Config
Extracted
formbook
4.1
rv9n
olivia-grace.show
zhuwww.com
keiretsu.xyz
olidnh.space
searuleansec.com
2fastrepair.com
brooklynmetalroof.com
scodol.com
novaprint.pro
the-loaner.com
nextroundscap.com
zbwlggs.com
internetautodealer.com
xn--tornrealestate-ekb.com
yunjiuhuo.com
skandinaviskakryptobanken.com
coxivarag.rest
ophthalmologylab.com
zzzzgjcdbqnn98.net
doeful.com
beatthebank.fund
deposit-pulsa2021.xyz
uptownsecuritysystems.com
thegroveonglendale.com
destinationth.com
healthcareuninsured.com
longhang.xyz
ypxwwxjqcqhutyp.com
ip-15-235-90.net
rancholachiquita.com
macblog.xyz
skillsbazar.com
beatyup.com
academiapinto.com
myguagua.com
fto8y.com
ohioleads.net
paravocebrasil.com
thecanyonmanor.com
acu-bps.com
comunicaretresessanta.net
schwa-bingcorp.com
discountcouponcodes-jp.space
kufazo.online
metaverge.club
800car.online
brendanbaehr.com
garfieldtoken.net
secretfoldr.com
13itcasino.com
marketingatelier.net
computersslide.com
marcastudios.com
thestreetsoflondon.life
maintaintest.com
cronicasdebia.com
apm-app.com
sepulchral.xyz
lodha-project.com
theartofsoulwork.com
swimminglessonsshop.com
klarnabet.com
control-of-space.net
heliumathletic.com
cjspizza.net
Targets
-
-
Target
a9529e72ea3c3b4f0c5dfe1915c17a8a_JaffaCakes118
-
Size
255KB
-
MD5
a9529e72ea3c3b4f0c5dfe1915c17a8a
-
SHA1
a2f76981ad79f9358a5ac54ed9ae9ecb47a45286
-
SHA256
9f35623c249226a739c810db0da1b7332b9d98222e9e50c8aaa001edcf505af1
-
SHA512
4b5323e779f6a0b2f78793004b6c7e8b7bba3be373fc67a9d6471bf95baeb2b38855068c423d49b76ba3fc153a6a100157ad0487230de5471b8de42ab2e152b4
-
SSDEEP
6144:wBlL/chpgBO5InEpwL/G/HybZfrc0K4/yMAEj8VHmVli:CeDNWnEWjG/SNT3K4ci0Eli
-
Formbook payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/itfd.dll
-
Size
42KB
-
MD5
af514b31b839ced67c0907a6569e3495
-
SHA1
ca1c2fd9e815d695ec163cac2d2feb72fa9b0a00
-
SHA256
e5b37e22db2aab4db04417c4b30be841686e2300687d5b3abd8a0456cd144d31
-
SHA512
22920f0365435be0961a33009ab1bff010ab5534553bd9d75e9be30ea588c67ea8ac7be936e4759019cb2a7fa6232fbbb4cef516ab54f68396934f383da52055
-
SSDEEP
768:0t8W+2zCq7jt8fFhCQcFSOzin3WfMGjny8+XY4PscAigP:0t8uzf7RJQcm3Wl+XY40cTgP
-
Formbook payload
-
Suspicious use of SetThreadContext
-