General
Target: 0d6de95f5aa6aa1e55a702aa5345936d_JaffaCakes118
Size: 764KB
Sample: 240502-eklhhsad46
MD5: 0d6de95f5aa6aa1e55a702aa5345936d
SHA1: 29c307adedb54efce48415599d2be03ead371c96
SHA256: 0ddee6b5c155d6df5b4b1cc165c9ed467084d74a6312a0c724ab3ac2d56d45f7
SHA512: 813141146898ffe5ee13bb7f456c6ad45e841531447b255f84b826ddbbe044d5e78f4c095bb51aa7c53b90f0bc5b10e3fbf64dfad96d8aa867960b5df909b588
SSDEEP: 12288:cEPEvEHEqENE1EqEfE0EyEQT3F7R6WY0AAxAC+88juBxE:cEPEvEHEqENE1EqEfE0EyEA317hr+KE

Static task: static1
Behavioral task: behavioral1
Sample: Pop_slip_3251.exe
Resource: win7-20240215-en

Malware Config
Extracted
Family: formbook
Version: 3.9
Campaign: h9s
C2:
domidu.com
twelvei.com
palchecker.com
onariart.com
thescarfhut.com
alimotorsandbikes.com
brianneamira.com
tabwindow.com
babybabymom.com
howtostartanllcbusiness.com
cjaiou.com
californiamentoring.com
21millionbits.com
metgranite.com
ujphy.com
8eves.com
backstorysongs.com
www835234.com
szshijia.com
alquimarket.com
mufalaherbal.com
fouzhuan.com
seriouslygay.net
theadfbaq.info
bjjhbj.com
justsweetstuff.com
work-with-mfo.com
dynamicbrazil.win
adafha.com
lilacboat.com
itskayarie.com
captice.com
atasehirekin.com
industrialsyndemics.com
550313.top
eddyespinal.com
kablosuzsinema.com
woofahs-pet-directory.com
c-what-i-c-info.com
hochzeitszauberberlin.com
lanying.group
jkwe3.com
regional.immobilien
mansim.com
artscurator.net
letstravelmex.com
fasreceptor.com
hezonglvshi.com
utimatespellcaster.com
1a1eightabout.men
bhadrakmarket.com
internetwealthexposed.com
intrumpwetrust.estate
aifra.net
garbageangel.com
l3vdinnqj.online
xinchunmiaomu.com
wsxyjx.com
gildedgreenhouse.com
heartofyc.com
retainoo.com
wonwiki.com
nishiogi-nabeoka-clinic.com
runchallenge365.com
stmonlag.com
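The domain list above is the extracted Formbook configuration, and the hashes in the report identify the submitted file and the dropped executable. The script below, an added example that is not part of the original report or of any sandbox tooling, shows how a responder would turn those indicators into a hunt over DNS logs and file hashes. Two points it handles that a naive check gets wrong: a query for a subdomain (www.domidu.com) must match the indicator domidu.com, but a lookalike (notdomidu.com) must not, so matching is done on label boundaries rather than with a string suffix test; and Formbook embeds one live C2 among decoy domains, many of them legitimate sites, so a DNS hit is treated as a lead to correlate with host evidence rather than as proof of infection. Only a subset of the report's domains is included to keep the block short; the DNS log format and log lines are constructed for illustration.

```python
"""Check DNS queries and file hashes against the indicators in this report.

Added example, not part of the original report or of any sandbox tooling.
Indicator values are copied from the report; the log lines are constructed.
"""
import hashlib
import re

# Subset of the domains from the extracted Formbook config (full list in the
# report). Formbook mixes one live C2 into a list of decoy domains, many of them
# legitimate sites, so a hit here is a hunting lead to correlate with host
# evidence (the hashes below, the policy Run key), not a ready-made block list.
CONFIG_DOMAINS = frozenset({
    "domidu.com", "twelvei.com", "palchecker.com", "onariart.com",
    "thescarfhut.com", "dynamicbrazil.win", "l3vdinnqj.online",
    "regional.immobilien", "intrumpwetrust.estate", "550313.top",
})

# SHA256 values from the report: the submitted file and the dropped executable.
KNOWN_SHA256 = {
    "0ddee6b5c155d6df5b4b1cc165c9ed467084d74a6312a0c724ab3ac2d56d45f7":
        "0d6de95f5aa6aa1e55a702aa5345936d_JaffaCakes118",
    "19182153562a0d7e20eb77e0392a38910d6d3541c43802aa2f747d352d0d6d06":
        "Pop_slip_3251.exe",
}


def normalize_domain(name: str) -> str:
    """Lower-case and strip a trailing dot so 'DOMIDU.COM.' matches 'domidu.com'."""
    return name.strip().lower().rstrip(".")


def match_domain(query: str, indicators=CONFIG_DOMAINS):
    """Return the indicator that `query` equals or is a subdomain of, else None.

    Matching walks label boundaries, so 'www.domidu.com' matches 'domidu.com'
    while 'notdomidu.com' does not (a plain endswith() check would flag it).
    """
    labels = normalize_domain(query).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


# Constructed DNS log format (not any real resolver's): "<ts> <client_ip> <qname>".
DNS_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def scan_dns_log(lines):
    """Return (client_ip, qname, indicator) for every query that hits the config list."""
    hits = []
    for line in lines:
        m = DNS_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        _ts, client, qname = m.groups()
        hit = match_domain(qname)
        if hit:
            hits.append((client, normalize_domain(qname), hit))
    return hits


def identify_file(data: bytes):
    """Return the report's name for a file whose SHA256 is listed, else None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    # Constructed sample log: one subdomain hit, one lookalike miss, one exact hit.
    sample_log = [
        "2024-05-02T10:00:01Z 10.0.0.12 www.domidu.com.",
        "2024-05-02T10:00:02Z 10.0.0.12 notdomidu.com",
        "2024-05-02T10:00:03Z 10.0.0.31 l3vdinnqj.online",
        "garbage line",
    ]
    for client, qname, indicator in scan_dns_log(sample_log):
        print(f"{client} queried {qname} -> config domain {indicator}")
```

Feed `scan_dns_log` the query field of whatever resolver or EDR log is at hand after adapting `DNS_LINE`, and use `identify_file` on suspicious executables recovered from hosts that produced a hit.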
Targets

Target: Pop_slip_3251.exe
Size: 704KB
MD5: 55fe3086f122a24a99c6e04cbe4f4682
SHA1: a8258960189d95615976a84f31120485bca5079d
SHA256: 19182153562a0d7e20eb77e0392a38910d6d3541c43802aa2f747d352d0d6d06
SHA512: 1bb2e5bfc13f4976f2799f99195ccb0f0a085f33c7144e915ec50e109ccb2964ab115af9f9ad7eeb9a40d0599e1136b76db785643d3eb12debd879db5fa6650d
SSDEEP: 12288:JEPEvEHEqENE1EqEfE0EyEQT3F7R6WY0AAxAC+88juBxE:JEPEvEHEqENE1EqEfE0EyEA317hr+KE

Signatures
- Formbook payload
- Adds policy Run key to start application
- Deletes itself
- Suspicious use of SetThreadContext
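The "policy Run key" in the second signature is HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, an autostart location that gets far less attention than the ordinary Run key, which is why loaders such as Formbook favour it. The following detection, an added example that is not from the report or from any vendor's rule set, flags value writes under that key in Sysmon Event ID 13 (RegistryEvent, value set) records. The field names (EventID, Image, TargetObject, Details) are Sysmon's; the event values are constructed. Two details matter in practice: Sysmon reports the current-user hive as HKU\<SID> rather than HKCU, so the pattern accepts either, and a write to the plain CurrentVersion\Run key is deliberately not matched, since that key is written by legitimate installers all day and belongs in a separate, lower-severity rule.

```python
"""Flag the persistence behind "Adds policy Run key to start application".

Added example, not part of the original report. The events below are constructed
in the shape of Sysmon Event ID 13 (RegistryEvent, value set); the field names
follow Sysmon, the values are made up for illustration.
"""
import re

# Match a value under <hive>\Software\Microsoft\Windows\CurrentVersion\Policies\
# Explorer\Run. Sysmon writes the user hive as HKU\<SID>, other tools as HKCU,
# so both are accepted; HKLM is included for the machine-wide variant.
POLICY_RUN_KEY = re.compile(
    r"^(HKU\\[^\\]+|HKCU|HKLM)\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Policies\\Explorer\\Run\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)


def is_policy_run_value(target_object: str) -> bool:
    """True for a value under Policies\\Explorer\\Run in any hive; False for the plain Run key."""
    return POLICY_RUN_KEY.match(target_object) is not None


def find_policy_run_persistence(events):
    """Return (image, value_name, details) for each value-set event under the policy Run key."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:  # only "value set" events carry the written data
            continue
        m = POLICY_RUN_KEY.match(ev.get("TargetObject", ""))
        if m:
            findings.append((ev.get("Image", ""), m.group("value"), ev.get("Details", "")))
    return findings


# Constructed events: one policy Run write under HKU\<SID> (flagged), one write to
# the ordinary Run key (deliberately not flagged), one unrelated key creation.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\Pop_slip_3251.exe",
     "TargetObject": "HKU\\S-1-5-21-111-222-333-1001\\Software\\Microsoft\\Windows"
                     "\\CurrentVersion\\Policies\\Explorer\\Run\\ExampleValue",
     "Details": "C:\\Users\\user\\AppData\\Roaming\\example\\example.exe"},
    {"EventID": 13,
     "Image": "C:\\Program Files\\Example\\updater.exe",
     "TargetObject": "HKU\\S-1-5-21-111-222-333-1001\\Software\\Microsoft\\Windows"
                     "\\CurrentVersion\\Run\\ExampleUpdater",
     "Details": "C:\\Program Files\\Example\\updater.exe"},
    {"EventID": 12,
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\ExampleSvc",
     "Details": ""},
]

if __name__ == "__main__":
    for image, value, details in find_policy_run_persistence(SAMPLE_EVENTS):
        print(f"policy Run persistence: {image} set {value} = {details}")
```

In a real pipeline the `Details` field gives the path that will be launched at logon; that path, the writing `Image`, and any DNS hits on the config domains are the three pieces to correlate before deciding whether the host is a Formbook infection or a false positive.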