General
-
Target
9c05d1ae12cc58702c8a54ad739b9551_JaffaCakes118
-
Size
260KB
-
Sample
240403-bhz2cabc3t
-
MD5
9c05d1ae12cc58702c8a54ad739b9551
-
SHA1
4f2435a19956ebbe4acd214c65428a36337f7abd
-
SHA256
59202d95bbcb9a85624ae56b93adeecc94b476a0131fe4670b718439ae4da1c9
-
SHA512
10c9ae58247631a80f9afdcd688684bd7e81be8cf059e1bb85d55cb43737197fcbc19a9f82806fb059c948b59dd6abac588b5e04a072c67f722b852ab6e9f4f1
-
SSDEEP
6144:F8LxBsOIdSIHJKM7xTTGYsmLMJKsYTwnXfK8fJV4:/OKlgVmcYMnXfp4
Static task
static1
Behavioral task
behavioral1
Sample
9c05d1ae12cc58702c8a54ad739b9551_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9c05d1ae12cc58702c8a54ad739b9551_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/sqxq.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/sqxq.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
formbook
4.1
dn7r
eventphotographerdfw.com
thehalalcoinstaking.com
philipfaziofineart.com
intercoh.com
gaiaseyephotography.com
chatbotforrealestate.com
lovelancemg.com
marlieskasberger.com
elcongoenespanol.info
lepirecredit.com
distribution-concept.com
e99game.com
exit11festival.com
twodollartoothbrushclub.com
cocktailsandlawn.com
performimprove.network
24horas-telefono-11840.com
cosmossify.com
kellenleote.com
perovskite.energy
crosschain.services
xiwanghe.com
mollycayton.com
bonipay.com
uuwyxc.com
viberiokno-online.com
mobceo.com
menzelna.com
tiffaniefoster.com
premiumautowesthartford.com
ownhome.house
bestmartinshop.com
splashstoreofficial.com
guidemining.com
ecshopdemo.com
bestprinting1.com
s-circle2020.com
ncagency.info
easydigitalzone.com
reikiforthecollective.com
theknottteam.com
evolvedpixel.com
japxo.online
ryansqualityrenovations.com
dentimagenquito.net
pantherprints.co.uk
apoporangi.com
thietkemietvuon.net
ifernshop.com
casaruralesgranada.com
camp-3saumons.com
eddsucks.com
blwcd.com
deldlab.com
susanperb.com
autosanitizingsolutions.com
femhouse.com
ironcageclash.com
thekinghealer.com
shaghayeghbovand.com
advertfaces.com
lonriley.com
mased-world.online
mythicspacex.com
yourherogarden.net
Targets
-
-
Target
9c05d1ae12cc58702c8a54ad739b9551_JaffaCakes118
-
Size
260KB
-
MD5
9c05d1ae12cc58702c8a54ad739b9551
-
SHA1
4f2435a19956ebbe4acd214c65428a36337f7abd
-
SHA256
59202d95bbcb9a85624ae56b93adeecc94b476a0131fe4670b718439ae4da1c9
-
SHA512
10c9ae58247631a80f9afdcd688684bd7e81be8cf059e1bb85d55cb43737197fcbc19a9f82806fb059c948b59dd6abac588b5e04a072c67f722b852ab6e9f4f1
-
SSDEEP
6144:F8LxBsOIdSIHJKM7xTTGYsmLMJKsYTwnXfK8fJV4:/OKlgVmcYMnXfp4
-
Formbook payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/sqxq.dll
-
Size
27KB
-
MD5
3d2e7f16f238ac79b3d0e21a753ae79e
-
SHA1
ee53d37f5f1a86ddb7e1b6faa063d4afbabcf771
-
SHA256
afa62df6a2905e93ab1f59b5bd24856a88f735cd3930e7701a22a1988d3d475c
-
SHA512
e9764e730f2b3eea3d769649164a41f10b8e0be865e8a76ba65220b20d8b122bb6dad1a2be8b87fe861960eecfb11b9f836ac93d17fcb218c0201d6a17545ea5
-
SSDEEP
768:1oFOzbc9RWl6YOFbzdAk3anbKgPSUm6At0wvM1W:6UbUWl0aUaVAN0wvIW
-
Formbook payload
-
Suspicious use of SetThreadContext
-