General
-
Target
faa036cbca3230e8df524875427c41fd_JaffaCakes118
-
Size
753KB
-
Sample
240419-s5dv3aha4z
-
MD5
faa036cbca3230e8df524875427c41fd
-
SHA1
9e3f388448f7c7ca4dcde0ab6fda56897a3afc53
-
SHA256
51c9e29ebe25067c055b664cacc4c4d46b8d19bddd488936c3bab19906311806
-
SHA512
466d0b9333699799c787253c50bce6daa2e8ec34d99a529cd72e6b4bb70705a906fb1ddb3269dbf15a38bfebfcddd4c53a2215da43f65a4555115c04d3d2e81e
-
SSDEEP
12288:D0UhJO0COsBgo0q4wMm2lINuWber+ZXocxP74+VlkJaPeDCzgDG010kz4:D0UhCOsBgo0q4wMnbAe6v74+jktDYgl2
Static task
static1
Behavioral task
behavioral1
Sample
faa036cbca3230e8df524875427c41fd_JaffaCakes118.exe
Resource
win7-20231129-en
Malware Config
Extracted
formbook
4.1
z7a
Targets
-
-
Target
faa036cbca3230e8df524875427c41fd_JaffaCakes118
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Formbook payload
-
Suspicious use of SetThreadContext
-