General
- Target: c8199355d0ca0fe289ea4d1ee018ff47_JaffaCakes118
- Size: 1.0MB
- Sample: 240405-cqx3dsac65
- MD5: c8199355d0ca0fe289ea4d1ee018ff47
- SHA1: ac0428f426c0bda431bd80f6abab183ccd484d07
- SHA256: 127262efb50609596b0597f1f357d75ff1dca0a0519fd8805d4fac1b288abae7
- SHA512: 0f1f70ef0bbfa75b53a57549ef170d493b2706bbb8c41c2288fb831ace0dce902e6b9fa97834baf4b0adaa995df3767318055ad43b5bd366bbe257678f1da395
- SSDEEP: 12288:jSMa7/gxmfOwwi0O2iNNHeIwbZhqQGo7w7xamI3XdqKbE0xsoI76JswNaSctMX:bA/08EO17eIKZh7UdvI3tBbG76J4M
- Static task: static1
- Behavioral task: behavioral1
- Sample: c8199355d0ca0fe289ea4d1ee018ff47_JaffaCakes118.exe
- Resource: win7-20231129-en
Malware Config
- Extracted: formbook 4.1 k9d0
Targets
- Target: c8199355d0ca0fe289ea4d1ee018ff47_JaffaCakes118
- Modifies WinLogon for persistence
- Formbook payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext