General
Target: a29902cf02373bfc6e3c93f122ae6455_JaffaCakes118
Size: 558KB
Sample: 240403-we6d6sgf29
MD5: a29902cf02373bfc6e3c93f122ae6455
SHA1: ce4dc44e4aa735349f5c73e89b9d14bd973d865f
SHA256: 1944e3560e3f0e997900d664726e2b3bd4cc3991000bbaf9888a92ff41e62c08
SHA512: 7988dd9854ad1375bae3c35db8a28ae4402c0647f17d2e81544dd3b52f40d76001f385c2bcba79e2d3c61a0d6add656a62b1842b271b327155062ba3db2e8860
SSDEEP: 12288:KdM8SBPSmGZ9nrPFQylP/d89uMrW9V/Pf6AptshRbl8:KdmBP0TrnlbMrW9V3ohR+
Static task: static1
Behavioral task: behavioral1
Sample: a29902cf02373bfc6e3c93f122ae6455_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
formbook
4.1
mknl
Targets
Formbook payload
Suspicious use of SetThreadContext