General
-
Target
fae4eb97ef670e17d1dfd5def02055d7_JaffaCakes118
-
Size
719KB
-
Sample
240419-wyf9dscf3z
-
MD5
fae4eb97ef670e17d1dfd5def02055d7
-
SHA1
5b3d7e28242ca089aedde236dbb5982107422ede
-
SHA256
5861ee83ca80dbfd549f2d8132c317020de7d070c5cf965518c552656fd54d7c
-
SHA512
a0bf8a418435214338969291120a56ed314ca50eafaea1954a8aa35374bbf83f0a2f764c5cde8e006a3587b3ae1536381d4f81f03963f019fa7a66cf8c476b1b
-
SSDEEP
12288:uSyPU9BPU92IX53yLDjAOsBgo0q4wMwmbd4Yj83FhW7EyeWk3QOXAKE2Et3hReDT:uSrjAOsBgo0q4wMLbKYj2lyE3QOXAKE+
Static task
static1
Behavioral task
behavioral1
Sample
fae4eb97ef670e17d1dfd5def02055d7_JaffaCakes118.exe
Resource
win7-20231129-en
Malware Config
Extracted
formbook
4.1
kkt
inspirafutebol.com
customgiftshouston.com
mycreativelending.com
psplaystore.com
newlivingsolutionshop.com
dechefamsterdam.com
servicingl0ans.com
atsdholdings.com
manifestarz.com
sequenceanalytica.com
gethealthcaresmart.com
theartofsurprises.com
pirateequitypatrick.com
alliance-ce.com
wingrushusa.com
funtimespheres.com
solevux.com
antimasathya.com
profitexcavator.com
lankeboxshop.com
aarthiramamurthy.com
oldmopaiv.xyz
mavispaguzellik.com
milkamax.com
sputnikvasisi.com
gametoyou.com
sisconbol.com
thedreamcertificate.com
vichy-menuiserie.com
pv-step.com
growingmindstrilingual.com
tlcrentny.com
jedshomebuilders.com
curtailit.com
integruschamber.com
lanzamientosbimbocolombia.com
tightlinesfishingco.com
doubleuphome.com
arctic.solar
unstopabbledomains.com
aggiornamento-isp.info
clarkandhurnlaw.com
barefootbirthstl.com
seanfeuct.com
measureformeasurehome.com
stephsavy.com
loveflowersandevents.com
czsis.com
midnightblueinc.com
today.dental
customwithme.com
edisetiyo.com
jasoneganrealtor.com
rihxertiza.com
seahorseblast.net
nedayerasa.com
cliftonheightshoa.net
theprofilemba.com
cfwoods.com
dogggo.com
casatranquillainletbeach.com
u1023.com
aromakapseln.com
zhwanjie.com
hometowncashbuyersgroup.com
Targets
-
-
Target
fae4eb97ef670e17d1dfd5def02055d7_JaffaCakes118
-
Size
719KB
-
MD5
fae4eb97ef670e17d1dfd5def02055d7
-
SHA1
5b3d7e28242ca089aedde236dbb5982107422ede
-
SHA256
5861ee83ca80dbfd549f2d8132c317020de7d070c5cf965518c552656fd54d7c
-
SHA512
a0bf8a418435214338969291120a56ed314ca50eafaea1954a8aa35374bbf83f0a2f764c5cde8e006a3587b3ae1536381d4f81f03963f019fa7a66cf8c476b1b
-
SSDEEP
12288:uSyPU9BPU92IX53yLDjAOsBgo0q4wMwmbd4Yj83FhW7EyeWk3QOXAKE2Et3hReDT:uSrjAOsBgo0q4wMLbKYj2lyE3QOXAKE+
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Formbook payload
-
Suspicious use of SetThreadContext
-