General

Target: 124f0b93c79dd5fba12c0b64eefd58aa_JaffaCakes118
Size: 298KB
Sample: 240504-mg764sbb6w
MD5: 124f0b93c79dd5fba12c0b64eefd58aa
SHA1: ad864f5bfae0639e1dd87fc9c0965aa2744e43e6
SHA256: 94c8217c6ca6741440e10e50742b44835eddba76885f5867ab776b3fe6e5f8d5
SHA512: c7221819d789a5bb1d0368d39ab03e05393eaa84a8ccf3df3dd4ca9a4e8dd3f535566c49ae839545e972fdaaac2a4e550f9ff31248a3d8ba0b9f4761b19ebbf6
SSDEEP: 6144:Muv6nLXXc26fSgwcWG/dv41lN+5FzluPpC4rqdLXS:IzcxSg3Bd+O9uPp/+1XS
Static task: static1
Behavioral task: behavioral1
Sample: 124f0b93c79dd5fba12c0b64eefd58aa_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config (extracted)

Family: formbook
Version: 3.9
Campaign: be
Domains: the list below is the domain set extracted from the sample's configuration. Formbook embeds its real C2 among decoy domains and contacts entries from the whole list, so a single resolution of one of these domains is weak evidence on its own (many decoys are ordinary sites); several distinct domains from the list resolved by one host in a short window is the pattern to alert on.
linkedinideas.com
conceptcultivation.com
jerecyclemescapsules.com
waroenginggris.com
theparentslogue.com
yitongmoney.com
zonageneral.info
theeasyindia.com
scetup.net
alqcfka.com
canadensiscannabis.com
nouveaumonde-social.com
villerai.com
7665k.com
buzzfeedam2dm.net
8358358.com
tfuidw.men
brctsrm.com
kheyul.info
brotwirsthaus.com
mutocom.com
therockandrollemporium.com
furymators.com
dachenggarlic.net
taitaide.com
onlineserviceconnect.com
expressaliveseafood.com
heydad.site
sljxly.com
mame-chocchu.com
youryonidoula.com
wwwlao0099.com
confederatehistorymonth.com
piabetguvenilirmi.com
hokky10.party
nnn9227.com
tailzj.com
moodsticks.com
experienciaslow.com
awsiteservices.com
vigilantemx.com
herbaganics.com
midwife-maizo.com
vivirenformentera.com
228882007.com
crossfiteysines.com
alltheagency.com
health-med.today
royaltybakes.com
ljgjzw.com
go-with-the-flaw.com
vpaydoctor.com
tagautomationgroup.net
cyclingvibe.com
hempdistillary.com
bhgmarketplace.com
inspire-channel.com
smhbooking.com
asadordonregio.com
5xxdb3.info
medikalworld.com
jackraindance.info
extreme-adrenaline.com
pandime.com
curaxin.com
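As an added example (not part of this sandbox report), the following Python script matches the extracted Formbook domain list against DNS query logs and flags hosts that resolve several list domains within a short window, which is what Formbook's walk through its domain list looks like on the wire. The log lines and their "timestamp client query qname type" format are constructed for illustration, and the domain set is a subset of the list above; in practice load the full list. Subdomain matching is included so that a query for www.<listed domain> still counts.

```python
"""Match the Formbook domain list against DNS query logs (added example).

The domain subset comes from the extracted config above; the log lines and
their format are constructed for this example, not taken from the report.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of the extracted Formbook domain list (the report lists 65 entries).
FORMBOOK_DOMAINS = {
    "linkedinideas.com",
    "conceptcultivation.com",
    "jerecyclemescapsules.com",
    "waroenginggris.com",
    "theparentslogue.com",
    "yitongmoney.com",
    "zonageneral.info",
    "theeasyindia.com",
}

# Constructed DNS log lines (assumed format, not from the report).
# 10.0.0.5 resolves several list domains within seconds, the pattern an
# infected host produces; 10.0.0.9 resolves one, which alone could be a
# legitimate visit to a decoy site.
SAMPLE_LOG = """\
2024-05-04T10:00:01Z 10.0.0.5 query linkedinideas.com A
2024-05-04T10:00:09Z 10.0.0.5 query www.conceptcultivation.com A
2024-05-04T10:00:17Z 10.0.0.5 query jerecyclemescapsules.com A
2024-05-04T10:00:25Z 10.0.0.5 query waroenginggris.com A
2024-05-04T10:01:02Z 10.0.0.9 query theeasyindia.com A
2024-05-04T10:03:00Z 10.0.0.9 query example.com A
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)\s+(?P<type>\S+)$"
)


def matched_domain(qname, iocs=FORMBOOK_DOMAINS):
    """Return the list domain that qname equals or is a subdomain of, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Try the full name, then each parent (www.x.com -> x.com), never the bare TLD.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def parse_log(text):
    """Yield (timestamp, client, qname) for every well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        yield ts, m["client"], m["qname"]


def score_clients(text, window=timedelta(minutes=10), threshold=3):
    """Return (flagged, all_hits).

    flagged:  {client: sorted list domains} for clients that resolved at least
              `threshold` distinct list domains inside any `window`.
    all_hits: {client: sorted list domains} for every client with any hit,
              so single-domain hits are still visible for triage.
    """
    hits = defaultdict(list)  # client -> [(ts, matched domain)]
    for ts, client, qname in parse_log(text):
        d = matched_domain(qname)
        if d:
            hits[client].append((ts, d))

    flagged = {}
    for client, entries in hits.items():
        entries.sort()
        for i, (start, _) in enumerate(entries):
            in_window = {d for ts, d in entries[i:] if ts - start <= window}
            if len(in_window) >= threshold:
                flagged[client] = sorted(in_window)
                break
    all_hits = {c: sorted({d for _, d in e}) for c, e in hits.items()}
    return flagged, all_hits


if __name__ == "__main__":
    flagged, all_hits = score_clients(SAMPLE_LOG)
    for client, domains in all_hits.items():
        tag = "FLAGGED" if client in flagged else "single/low"
        print(f"{client}: {tag} {domains}")
```

The threshold and window are tuning knobs: three distinct list domains in ten minutes is a reasonable starting point for this family, and lowering the threshold to one turns the script into a plain IoC match that will also catch users browsing to decoy sites.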
Targets

Target: 124f0b93c79dd5fba12c0b64eefd58aa_JaffaCakes118
Size: 298KB
Signatures:
Formbook payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check that decides whether to run.
Adds Run key to start application: persistence through a Run registry key, so the sample is relaunched at logon.
Suspicious use of SetThreadContext: rewriting another thread's context is the final step of process hollowing and similar injection techniques, consistent with Formbook running its payload from inside a legitimate process.