General
-
Target
16b37e1c485c94e3d1250e878d393b1f_JaffaCakes118
-
Size
737KB
-
Sample
240505-jrrqbsbf7v
-
MD5
16b37e1c485c94e3d1250e878d393b1f
-
SHA1
29686051a447d45294c79e8b150c484b9d5df412
-
SHA256
359440df1e4a2a524982d61b525e45aee7c32bf267a634c2ae150ebf88e9e646
-
SHA512
24b49bbc13d39586c19116534ef833191761618e8fde0cf1b0eecf32a8d6caf1cd8e631f26c5769a447c8d6fabb6bfe17174bc1ce0612fb4765e536748eaed6c
-
SSDEEP
12288:r/c6xTgK8nyl7B3ubmmFuzKb7LSKQ2KfKH/A7qg+esTCm:7lmKN3Am34Sl2kq/AQ2m
Static task
static1
Behavioral task
behavioral1
Sample
16b37e1c485c94e3d1250e878d393b1f_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
formbook
3.8
a1
imissalis.com
quratedcollection2017.com
sbb120.com
023xykj.com
yurdental.com
pinnaclementors.com
gettingbeeshome.com
culturalytics.com
projectsweatexperience.com
lyljk.com
lamaketang.com
sosaclean.com
justcallhome.net
showdeofertasnet.com
laruta93.com
want-to.date
htxconstructionconsulting.com
orangegroupcr.com
nguyenquyetdinh.com
ghostmonarch.com
rodo24.info
daysunblind.win
penetipibosace.com
masha022.com
ptwpremium.net
nightmaresandnibbles.com
kfqcwy.com
coreedu.net
hipdecide.com
pricedyoung.info
redeemedsole.com
airpowerapple.com
trackurban.com
854vsf.info
oyado-kyugetsu.com
test2dedsept14.com
rateioreceita2018.com
thefloweressencecoach.com
theutility.store
postar.digital
weldywritings.com
jaisalmer.site
mucklerphoto.com
opencloud.info
rotush.com
resulthero.com
agg-consulting.com
ajim-senkyo.site
ebestmovie.info
bbb594.com
secondhandreads.com
binaconcept.com
temporaryroofrepair.com
equivocations.info
179mvy.info
marie-liesse-voyance.com
lamaidsinc.com
mcenteeconsulting.services
official-mostbet-kenya.site
jradamsstudios.net
doamensrazorsok.live
zwavehubs.com
iviti-ar.com
recruitmentstaffingdir.com
91ruitue.com
Targets
-
-
Target
16b37e1c485c94e3d1250e878d393b1f_JaffaCakes118
-
Size
737KB
-
MD5
16b37e1c485c94e3d1250e878d393b1f
-
SHA1
29686051a447d45294c79e8b150c484b9d5df412
-
SHA256
359440df1e4a2a524982d61b525e45aee7c32bf267a634c2ae150ebf88e9e646
-
SHA512
24b49bbc13d39586c19116534ef833191761618e8fde0cf1b0eecf32a8d6caf1cd8e631f26c5769a447c8d6fabb6bfe17174bc1ce0612fb4765e536748eaed6c
-
SSDEEP
12288:r/c6xTgK8nyl7B3ubmmFuzKb7LSKQ2KfKH/A7qg+esTCm:7lmKN3Am34Sl2kq/AQ2m
-
Formbook payload
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-