General
-
Target
fa3f2124cf9b027ca2b8a04df5e27cc2_JaffaCakes118
-
Size
1.5MB
-
Sample
240419-n45j6sca2w
-
MD5
fa3f2124cf9b027ca2b8a04df5e27cc2
-
SHA1
be0968843e1654dd2a5b7f7085226188d9276276
-
SHA256
b85055ab3db03b5496bcd19448c54dea594d8f44cc84d17f99cbf6cd9085fa2d
-
SHA512
d40399ed1c72a3907ebd8697fba492da2e71728fb8bbeb39ad01bbbc6edb7931b3902d4782d815a18c4f313b2f2d1c1425da95be6a12a8d005a3506830311c83
-
SSDEEP
24576:0ZZS5R0pULbNWrOAJPidVEHMvx1vHYY1o:03BpvJPidV5vx1v
Static task
static1
Behavioral task
behavioral1
Sample
fa3f2124cf9b027ca2b8a04df5e27cc2_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
formbook
4.1
upio
thecantonmentcookhouse.com
1for1ecomask.com
thatvintagehome.com
momentbymomentmindfulness.com
denxmedia.com
arc-corner.com
siddharthmakharia.com
meiluk.com
toughu.com
hotelwisatabaru.com
ibluebelt3dbuy.com
bestfootwearhk.com
wbjobalerts.com
radiancenurestoringcleanse.com
xintianlongyeya.com
docauphuhau.com
liberty-furniture.com
ranchhousepizzaonline.com
bednhomes.com
kollakids.com
jumtix.xyz
hallbergtownhomes.com
thenewnaughty.com
thirtytwoandprospect.com
malukeji.com
minecraftmastery.com
vvww-avito.net
rheconsultoria.com
albukharyschools.com
ffully.com
christiansenlawoffice1.com
testghghgh.com
ridersbesttime.com
priyathams.com
laamin.today
tjew.club
classicvidz.com
homelandrealestateschool.com
fytwe.com
newsqribble.icu
vaxcova.com
modernankara.com
domentemenegi50.net
suryadjalil.com
tmpsytech.com
rubyclyde.com
makeupbrush.academy
pennydarbyshire.com
gobulko.com
brownbusinessowners.com
oftenchic.com
s998vip.com
tuhuertica.com
militaryhype.com
itsinthereimage.com
20revcoe.com
goodhandsclinic.com
88finxe.com
xn--gstemappe-v2a.digital
wheresbitty.com
pointdatorcida.com
jackielespiegle.com
uecdlt.com
yoshizawaryo.com
furniture-of-ironforge.com
Targets
-
-
Target
fa3f2124cf9b027ca2b8a04df5e27cc2_JaffaCakes118
-
Size
1.5MB
-
MD5
fa3f2124cf9b027ca2b8a04df5e27cc2
-
SHA1
be0968843e1654dd2a5b7f7085226188d9276276
-
SHA256
b85055ab3db03b5496bcd19448c54dea594d8f44cc84d17f99cbf6cd9085fa2d
-
SHA512
d40399ed1c72a3907ebd8697fba492da2e71728fb8bbeb39ad01bbbc6edb7931b3902d4782d815a18c4f313b2f2d1c1425da95be6a12a8d005a3506830311c83
-
SSDEEP
24576:0ZZS5R0pULbNWrOAJPidVEHMvx1vHYY1o:03BpvJPidV5vx1v
-
Formbook payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-