General
Target: 0efccf2448b8817b3c91eb70cb0be8ee_JaffaCakes118
Size: 679KB
Sample: 240502-tr34gacf7s
MD5: 0efccf2448b8817b3c91eb70cb0be8ee
SHA1: 6a90ab3e7b1e93616f18eca453b15c334a361985
SHA256: 9619240faf2829361a26d9efc70b1c03f63b342f368ec959eb31e467011196b1
SHA512: faf33661d969437387a57bbec346a92b3d62f9381c742ca74c7c5c61b6e730c6e29d1a28540240b9c41dbe04e906fd39c6f6fc9696a3b86358fa6f434431c895
SSDEEP: 12288:nsCOryB5QNN5JIrumfugKrcvi4nWV36s8e58217hAvhar+TT8gL:sb65+JIr1uvY7WF6sT5LZ8q
Static task: static1
Behavioral task: behavioral1
Sample: 0efccf2448b8817b3c91eb70cb0be8ee_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
formbook
4.1
ehau
Targets
Target
0efccf2448b8817b3c91eb70cb0be8ee_JaffaCakes118
Formbook payload
Drops startup file
Suspicious use of SetThreadContext