General

Target: 1fc9b5094b733179f1033890c79b2e41_JaffaCakes118
Size: 475KB
Sample: 240507-hljbbsge48
MD5: 1fc9b5094b733179f1033890c79b2e41
SHA1: 3f42f46d0398ae70f3435707c849fa7b7b9c62d3
SHA256: 816c9d6d36399c0ef5bb8d0334ef40ba6668cd043be104a4ec3f4291ae1a4b86
SHA512: 851a4874baa6206fe82ba7ee43df0211810b4390d91b7c70a02673e0826b1a7131c7da9c9b98e56a227d23daeb860957a5304281040b1580332c07f1f4f4cc84
SSDEEP: 12288:477BeRhC1p1Cy4FkRIni8oNX9gjOxMygi2svV:ocy54FJi8IyygHu
Static task: static1

Behavioral task: behavioral1
  Sample: 1fc9b5094b733179f1033890c79b2e41_JaffaCakes118.rtf
  Resource: win7-20231129-en

Behavioral task: behavioral2
  Sample: 1fc9b5094b733179f1033890c79b2e41_JaffaCakes118.rtf
  Resource: win10v2004-20240419-en
Malware Config

Extracted: formbook
Version: 3.8
Campaign: stn
Domains (Formbook configs list the live C2 among decoy domains, and the extractor does not distinguish them):
wlojz.com
nrvonlineconnection.com
miracleworldofent.com
homeswithcherry.com
yeye79791.com
scshanglv.com
webtradenetthebronx.com
dsg-worldwide.com
bakshibeauty.com
17784724521.com
broadswordsinc.com
weekendq.com
sfnetstu.com
ashitsuyo.com
9410pe.com
bankfxrates.com
baidumedical.com
ripchesterfield.com
teepakthai.com
sabattu.com
net1234567.net
godcares4you.com
weighttrainingfordementia.com
rkpy9h.com
shewritestruths.com
cornerhyperbaric.com
rbvrua.info
komi.ltd
pfun.ltd
consolihealth.com
bendi.ink
slitere.com
mkutfuct.com
northtexashappyhour.com
mmrzj.com
aiafn.com
heatecc.com
babesteps.com
xn--4kq761dka4502cpnai5mng.net
clavons.com
brushmasterinc.com
speak.store
edenestateubud.com
leviathancombatcraft.com
chorewizards.biz
t9shpi.com
sholehelayyub.com
returnourbikes.com
tcusanationals.com
mudethreads.com
buycsy.com
theauditcommittee.net
rqhjf.info
kkgan81.com
thebighandbagshoplondon.com
footwaremachinery.com
vravp.info
billyworld.com
zentty.com
readytraffic4update.download
gestioncerveceria.com
tstmyanmar.com
coolstores.site
vellorabeautyrange.com
pendimora.com
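The domain list above is the part of the config that matters operationally: because the live C2 is hidden among decoys, every entry goes on the watchlist, and Formbook's check-in URL carries the campaign token (stn here) as the first path segment. The following is an added example, not code from the sandbox report: it normalizes hostnames (case, trailing dot, IDN to punycode so the xn-- entry matches a Unicode query), matches DNS queries by parent domain rather than by substring, and flags beacon-shaped URLs. The abbreviated domain list and the log lines are constructed for the example; the QueryName field layout and the www. prefix Formbook commonly puts on its C2 hosts are assumptions.

```python
"""IOC matching for the extracted Formbook config above (added example)."""
import re
from urllib.parse import urlsplit

# A subset of the domains from the extracted config; the full list can be
# pasted in unchanged. A few entries are enough to exercise the logic.
CONFIG_DOMAINS = [
    "wlojz.com",
    "bankfxrates.com",
    "xn--4kq761dka4502cpnai5mng.net",
    "readytraffic4update.download",
    "komi.ltd",
]
CAMPAIGN = "stn"  # campaign token, expected as the first URL path segment


def normalize_host(host: str) -> str:
    """Lowercase, strip a trailing dot and any port, and force punycode form so
    a Unicode query for an IDN compares equal to its xn-- entry in the config."""
    host = host.strip().lower().rstrip(".")
    host = host.split(":", 1)[0]
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        # Malformed label (empty or over 63 chars): keep the lowercase string
        # so it can still match literally instead of crashing the scan.
        return host


IOC_SET = {normalize_host(d) for d in CONFIG_DOMAINS}


def match_domain(host: str):
    """Return the config domain that `host` equals or is a subdomain of, else None.
    Walks label suffixes so www.wlojz.com hits wlojz.com but a bare TLD never does,
    and a substring such as notbankfxrates.com does not hit bankfxrates.com."""
    labels = normalize_host(host).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in IOC_SET:
            return candidate
    return None


def is_formbook_beacon(url: str) -> bool:
    """Formbook beacons look like http://<host>/<campaign>/?...; flag a URL whose
    host is in the config and whose first path segment is the campaign token."""
    parts = urlsplit(url)
    if match_domain(parts.hostname or "") is None:
        return False
    first_segment = parts.path.strip("/").split("/", 1)[0]
    return first_segment == CAMPAIGN


# Constructed Sysmon Event ID 22 style lines (not taken from the report).
SAMPLE_DNS_LOG = """\
2024-05-07 10:01:02 QueryName: update.microsoft.com
2024-05-07 10:01:05 QueryName: www.wlojz.com
2024-05-07 10:01:09 QueryName: BANKFXRATES.COM.
2024-05-07 10:01:12 QueryName: notbankfxrates.com
2024-05-07 10:01:20 QueryName: www.komi.ltd
"""

QUERY_RE = re.compile(r"QueryName:\s*(\S+)")


def scan_dns_log(text: str):
    """Return (queried name, matched config domain) pairs for every hit."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        ioc = match_domain(m.group(1))
        if ioc:
            hits.append((m.group(1), ioc))
    return hits


if __name__ == "__main__":
    for queried, ioc in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{queried} -> config domain {ioc}")
    print(is_formbook_beacon("http://www.wlojz.com/stn/?id=1&sudo=2"))
```

Matching on label suffixes rather than with a plain `in` check is the point of the example: a substring match would both miss the www. form and raise false positives on lookalike names.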
Targets

Target: 1fc9b5094b733179f1033890c79b2e41_JaffaCakes118
Size: 475KB
MD5: 1fc9b5094b733179f1033890c79b2e41
SHA1: 3f42f46d0398ae70f3435707c849fa7b7b9c62d3
SHA256: 816c9d6d36399c0ef5bb8d0334ef40ba6668cd043be104a4ec3f4291ae1a4b86
SHA512: 851a4874baa6206fe82ba7ee43df0211810b4390d91b7c70a02673e0826b1a7131c7da9c9b98e56a227d23daeb860957a5304281040b1580332c07f1f4f4cc84
SSDEEP: 12288:477BeRhC1p1Cy4FkRIni8oNX9gjOxMygi2svV:ocy54FJi8IyygHu
Signatures

- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro; an RTF carries no VBA macros, so for this sample the likely route is an exploit or an embedded object handled by the document viewer.
- Formbook payload
- Adds policy Run key to start application
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
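The signature names above are the sandbox's labels for behaviours; the following is an added example, not the sandbox's own rule code, of how four of them can be expressed over Sysmon-style events (Event ID 1 process create, 7 image load, 13 registry value set). The events are constructed, and the document-viewer parent list, the benign-child allowlist and the drop-directory patterns are assumptions to tune per environment. Suspicious use of SetThreadContext is an API-level observation (a thread's context rewritten in another process, the usual prelude to process hollowing) and does not appear in these event types, so it is left out.

```python
"""Detection logic for the listed behavioural signatures (added example)."""
import ntpath
import re

# Document handlers that should not be spawning arbitrary children; an RTF is
# opened by Word (or WordPad), so its parent is one of these. Assumed list.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "wordpad.exe"}
# Children those parents legitimately create (assumed allowlist; extend locally).
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}
# User-writable locations a dropped executable or DLL typically lands in (assumed).
DROP_DIR_RE = re.compile(
    r"\\(appdata\\local\\temp|appdata\\roaming|users\\public|programdata)\\", re.I
)
# Explorer policy Run key used for persistence; matching the sub-path covers
# both HKLM and the HKU\<SID> form Sysmon records for HKCU.
POLICY_RUN_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\policies\\explorer\\run\\", re.I
)


def basename(path: str) -> str:
    return ntpath.basename(path).lower()


def check_process_create(ev: dict) -> list:
    """Signatures tripped by an Event ID 1 (process create) record."""
    hits = []
    parent = basename(ev.get("ParentImage", ""))
    child = basename(ev.get("Image", ""))
    if parent in OFFICE_PARENTS and child not in BENIGN_CHILDREN:
        hits.append("Process spawned unexpected child process")
    if DROP_DIR_RE.search(ev.get("Image", "")):
        hits.append("Executes dropped EXE")
    return hits


def check_image_load(ev: dict) -> list:
    """Signatures tripped by an Event ID 7 (image load) record."""
    loaded = ev.get("ImageLoaded", "")
    if loaded.lower().endswith(".dll") and DROP_DIR_RE.search(loaded):
        return ["Loads dropped DLL"]
    return []


def check_registry_set(ev: dict) -> list:
    """Signatures tripped by an Event ID 13 (registry value set) record."""
    if POLICY_RUN_RE.search(ev.get("TargetObject", "")):
        return ["Adds policy Run key to start application"]
    return []


CHECKS = {1: check_process_create, 7: check_image_load, 13: check_registry_set}


def triage(events: list) -> list:
    """Return (signature, acting process image) for every event that trips a check."""
    findings = []
    for ev in events:
        check = CHECKS.get(ev.get("EventID"))
        for sig in (check(ev) if check else []):
            findings.append((sig, ev.get("Image", "")))
    return findings


# Constructed events in the shape of Sysmon records; not taken from the report.
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
DROPPED = r"C:\Users\user\AppData\Local\Temp\svchost.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\splwow64.exe", "ParentImage": WINWORD},
    {"EventID": 1, "Image": DROPPED, "ParentImage": WINWORD},
    {"EventID": 7, "Image": DROPPED, "ImageLoaded": r"C:\Users\user\AppData\Roaming\helper.dll"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\updater",
     "Details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
]


if __name__ == "__main__":
    for sig, image in triage(SAMPLE_EVENTS):
        print(f"{sig}: {image}")
```

The first constructed event (WINWORD.EXE starting splwow64.exe, the print spooler helper) is there to show why an allowlist is needed: without it, every print from Word would trip the child-process rule.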