General
-
Target
202a5d15ae9926a1dec141ed13065ad5_JaffaCakes118
-
Size
501KB
-
Sample
240507-lbhtlaab5y
-
MD5
202a5d15ae9926a1dec141ed13065ad5
-
SHA1
97a84b26c9f2f8a89fbbd8e3c35f673d17704fdf
-
SHA256
94e25372afeae0e0ef0dad8a783a6534e85f226734ba0ef2fd31625cec9f30c3
-
SHA512
48db4216a95b40d0f96384a9c3acdf7bc40a1fa7005a5b67a5b45475d8f039dccc579800932019e985952bc018219943f89c9bd59a7e83d57e0a7ba3b411a167
-
SSDEEP
12288:4N5H2IYf7y99IjxHncQNGt0ToygPUTbRMCdZW:yTYf7R9PNGtMAUTbK
Static task
static1
Behavioral task
behavioral1
Sample
202a5d15ae9926a1dec141ed13065ad5_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
202a5d15ae9926a1dec141ed13065ad5_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
formbook
3.9
um
Targets
-
-
Target
202a5d15ae9926a1dec141ed13065ad5_JaffaCakes118
-
Formbook payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-