General
- Target: fbdc152b902ae2188e48ee08271321cf_JaffaCakes118
- Size: 897KB
- Sample: 240420-edq5esgd8w
- MD5: fbdc152b902ae2188e48ee08271321cf
- SHA1: 016c9daf134074eba066378a1355e406340d71a0
- SHA256: 20edf62000816d59f1100dabf3e16f55e7445f4578550a5e89af2c5558571cd3
- SHA512: 90219931b5537b6ff783acd7c9df4817803d40d922aa393975464b2b78aa63078d898bd62352e1d1235a309aa475a4a3a042c13cdc8b5d745d66d3186a54de21
- SSDEEP: 12288:vdfL13IjY/bh7iS/d348C9SvUnJG6uA1zYA/06S5o1lcSVSB0c9Pc20:pLtaeAS/d32sIG4Yu06S5ESB/cJ
Static task
- static1
Behavioral task
- behavioral1
- Sample: fbdc152b902ae2188e48ee08271321cf_JaffaCakes118.exe
- Resource: win7-20240221-en
Malware Config
Extracted
formbook
4.1
upio
Targets
- Target: fbdc152b902ae2188e48ee08271321cf_JaffaCakes118
- CustAttr .NET packer: Detects CustAttr .NET packer in memory.
- Formbook payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMware Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext