General
-
Target
bfb2b5d00165cb4984c29c172e0dad8d_JaffaCakes118
-
Size
250KB
-
Sample
240404-w7wqfafe85
-
MD5
bfb2b5d00165cb4984c29c172e0dad8d
-
SHA1
e5baa4cfe4b0ec678910e94fc8785fd28605bb6b
-
SHA256
e6aaec2b958d4b734ff02c7c63b7e24a619eef826efb16b955ebe5306b9953aa
-
SHA512
d0d20eda540283ead0b873c27f047c7f433c4f85e1a8b890c8c4ef7daeebc91c691c2aad59de1eccca26cc8748ba123f55200a183dd7a1421f98dbd264e96815
-
SSDEEP
6144:wBlL/celgJ3+QZizYdH9vPQI5pQpxL5T/Fo9RooX/:Ceem9AzQH14I5pQnm/
Static task
static1
Behavioral task
behavioral1
Sample
bfb2b5d00165cb4984c29c172e0dad8d_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
bfb2b5d00165cb4984c29c172e0dad8d_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/irjzbmbgo.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/irjzbmbgo.dll
Resource
win10v2004-20240226-en
Malware Config
Extracted
formbook
4.1
rv9n
olivia-grace.show
zhuwww.com
keiretsu.xyz
olidnh.space
searuleansec.com
2fastrepair.com
brooklynmetalroof.com
scodol.com
novaprint.pro
the-loaner.com
nextroundscap.com
zbwlggs.com
internetautodealer.com
xn--tornrealestate-ekb.com
yunjiuhuo.com
skandinaviskakryptobanken.com
coxivarag.rest
ophthalmologylab.com
zzzzgjcdbqnn98.net
doeful.com
beatthebank.fund
deposit-pulsa2021.xyz
uptownsecuritysystems.com
thegroveonglendale.com
destinationth.com
healthcareuninsured.com
longhang.xyz
ypxwwxjqcqhutyp.com
ip-15-235-90.net
rancholachiquita.com
macblog.xyz
skillsbazar.com
beatyup.com
academiapinto.com
myguagua.com
fto8y.com
ohioleads.net
paravocebrasil.com
thecanyonmanor.com
acu-bps.com
comunicaretresessanta.net
schwa-bingcorp.com
discountcouponcodes-jp.space
kufazo.online
metaverge.club
800car.online
brendanbaehr.com
garfieldtoken.net
secretfoldr.com
13itcasino.com
marketingatelier.net
computersslide.com
marcastudios.com
thestreetsoflondon.life
maintaintest.com
cronicasdebia.com
apm-app.com
sepulchral.xyz
lodha-project.com
theartofsoulwork.com
swimminglessonsshop.com
klarnabet.com
control-of-space.net
heliumathletic.com
cjspizza.net
Targets
-
-
Target
bfb2b5d00165cb4984c29c172e0dad8d_JaffaCakes118
-
Size
250KB
-
MD5
bfb2b5d00165cb4984c29c172e0dad8d
-
SHA1
e5baa4cfe4b0ec678910e94fc8785fd28605bb6b
-
SHA256
e6aaec2b958d4b734ff02c7c63b7e24a619eef826efb16b955ebe5306b9953aa
-
SHA512
d0d20eda540283ead0b873c27f047c7f433c4f85e1a8b890c8c4ef7daeebc91c691c2aad59de1eccca26cc8748ba123f55200a183dd7a1421f98dbd264e96815
-
SSDEEP
6144:wBlL/celgJ3+QZizYdH9vPQI5pQpxL5T/Fo9RooX/:Ceem9AzQH14I5pQnm/
-
Formbook payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/irjzbmbgo.dll
-
Size
29KB
-
MD5
3525f0279729cb34e886c8a83b5ce9c8
-
SHA1
b6edfeff839616e0155026cabed1e48de96a9063
-
SHA256
082c9b72407d063bb96c2830bcaf5f285d2d616e8a8d729a52b39ccbd30b8211
-
SHA512
2c74fc1a977204adb58a1af19850fa705716ca5c9b1d42f2b0d84dfe14a2e5c6af5f9e158b4cc132c1874de3b67cdd422cfc00e0dad63982718d5d0ce5f31f55
-
SSDEEP
768:JGpszi/8+qQSH3j623iROMappKGGgmPq5TN:FzlNQSH3j623iNaKyf5
-
Formbook payload
-
Suspicious use of SetThreadContext
-