General
- Target: 18882465f8b6e72a46669d4aa2e78cb1_JaffaCakes118
- Size: 424KB
- Sample: 240505-vbypgsad87
- MD5: 18882465f8b6e72a46669d4aa2e78cb1
- SHA1: b05a070b6c3fec5330d1413594a4b17b19099a02
- SHA256: 6e521645df736e76b57cdf6996cee4a5148e649cee75be8f36ccfb008f047fa6
- SHA512: 388e34cfc7a43a062e0c389611036b7953a99d4def7699852d875c2fcdc7c6a79205d85fa128aae9d48d9c37888d60611390640086a7e7a3e4b0e38173964e44
- SSDEEP: 6144:6N9JYSDAzaiTCXkJNlMgpV5Nj3QmlsPt5GM/x1lPWojLWYM+6LpfeR14Kn3r/u/t:67RAzTukj/Nj5OlzW3ppWbhn3TcWId
- Static task: static1
- Behavioral task: behavioral1
- Sample: 18882465f8b6e72a46669d4aa2e78cb1_JaffaCakes118.exe
- Resource: win7-20231129-en
Malware Config
Extracted
formbook
3.8
h308
sewrelax.com
southbaycurling.rocks
hongju101.com
nikkismithonline.com
bluprl.net
slursthisshark.com
smootord.com
buyoregonhemp.com
stepstolight.com
mchausverwalter.com
cofidis.cloud
queenartjewellery.com
samoedrasalvageengineers.com
skull.ltd
leapmotors.net
gayo.ltd
philborremans.com
yeezywaverunner700.com
febriananas.com
railor-music.com
jinlinw.com
alkqm.com
budgetao.com
284fkm.info
rale45pasleh.site
globalenergymanager.energy
81kam.com
minervastoybox.com
sainikschooldays.com
twincitieslegalcenter.info
bdj.ink
angelvc.top
darwym.com
angangnin.com
katharinerose.com
boshicn.net
unbehgenadvisors.net
xn--4kq.ink
higherheightsgenetics.com
freepandeiro.com
nymphcup.com
lukehensem.com
ast-35-ik0s-co2w.com
thinnerband.com
nutrigenomics.us
policesources.com
chinaqinyuan.com
greatgiftshopping.com
goodlandgrooming.com
genuinetech.store
monikaskrepes.com
drwang.group
breathtakingbusiness.com
favoritetraffic4updates.date
josephandkatherine.com
nemerla.reisen
meganlwilliams.com
ouclic.com
cunthogan.com
2makeyourday.life
c3iconsult.com
tnapp.info
athenseconomic.com
nlnldfr.info
plodameg.com
Targets
- Target: 18882465f8b6e72a46669d4aa2e78cb1_JaffaCakes118 (424KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Formbook payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of SetThreadContext