General
Target: 0d9f4cfd7e9832130b6354a6a388c164_JaffaCakes118
Size: 1.1MB
Sample: 240502-f4lhashh9w
MD5: 0d9f4cfd7e9832130b6354a6a388c164
SHA1: adc78c9d2d1fdd5c87d7df22ee980471dbcd74f9
SHA256: 7c3dcebffb8897039b6c9d722cfb553e06035a8e51c2c978cc0e38faf59c4c18
SHA512: ee1c1f63473a8c21c85fbb2f07368739bc5b7fc2a35ce26f66a7f1d82e871dba5c576a3504ed117e6299db655b1cd9215d43082016f7a2fee35e9fc7df268a54
SSDEEP: 24576:/d8xg1PEqUoBicvoGAiTIDVvZbx+7p3+tq/hafC8Uq:F8xg1sqUoBiHhVZbxqFQK8U
Static task: static1
Behavioral task: behavioral1
Sample: 0d9f4cfd7e9832130b6354a6a388c164_JaffaCakes118.exe
Resource: win7-20231129-en
Malware Config
Extracted
formbook
3.8
hx200
Targets
-
-
Target
0d9f4cfd7e9832130b6354a6a388c164_JaffaCakes118
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-