General
-
Target
a172b261614d5d5d0513ecfa06bc5711_JaffaCakes118
-
Size
942KB
-
Sample
240403-f8s3yahc7t
-
MD5
a172b261614d5d5d0513ecfa06bc5711
-
SHA1
24369f2c0e1f299462676a4f842e5ea1d205b2d3
-
SHA256
d7fa1327e8e502c0658dc031eac50affd1a40ec45aee6c0110d61d0ebe9744a5
-
SHA512
256dd2c97de6b87be2c5890ecb1384c55008a23ce07a984ef84c8f10648d12b3898c14283b7ead9a39af505e01044159b0dfaec3e4b960826ecc7c28aa4b8ba8
-
SSDEEP
12288:GO4jeQ5jsruJH+ReJqvqfLRXwK4+HNONnvsyl9vai2K046Mnq0UnsO5lJkKzUvoQ:XHBQLW10ergut8+VuRHPXWMjk
Static task
static1
Behavioral task
behavioral1
Sample
a172b261614d5d5d0513ecfa06bc5711_JaffaCakes118.exe
Resource
win7-20240319-en
Malware Config
Extracted
formbook
4.1
rf3t
Targets
-
-
Target
a172b261614d5d5d0513ecfa06bc5711_JaffaCakes118
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-