General
Target: 22c773d478e58709306d15cc86c6097e_JaffaCakes118
Size: 652KB
Sample: 240508-crxs1sgb27
MD5: 22c773d478e58709306d15cc86c6097e
SHA1: aead34495b9fbb8c64d63524f0e2b127fecea6a1
SHA256: 19dea1877949b3d0b99cf91fdd68e376fbc74d25fc914ce497f00ca0ecff77ce
SHA512: 04081f064603023edfd1da35de6ba0d7a662078ea456a0708a9df247710921a5a28a496ff9a2492ce369664b15b8fc26d405e471b5cee178e8b1c4663f3c824c
SSDEEP: 6144:T75yLTtJ12bxs/2Mbavm/cSNTgSRgR0QdSdfslVOU6an295l5fDTWSnLGHIVifW6:TiT8tM0mUeTaGQdnUjU+TfvWSgfW4p
Static task: static1
Behavioral task: behavioral1
Sample: Doc53436.exe
Resource: win7-20240221-en

Malware Config
Extracted
Family: formbook
Version: 3.9
Campaign: h9s
Targets
Target: Doc53436.exe
Size: 592KB
MD5: 0a97fae0860363de54832184dfd95952
SHA1: b7169157062c6e27c3b093e70e7e88fe72a35d36
SHA256: 9f7c3f92efbdaec249b532ceb5f3d3e310c7142b7d327fb6f73fc6899781e59d
SHA512: 2900967160a6b3e7749281700031bd4f3869391ed52a35218a51fd926fce21076376458fd20a193b8672e10b803e4b821b1939708c9670e1588bfe259168ff6f
SSDEEP: 6144:175yLTtJ12bxs/2Mbavm/cSNTgSRgR0QdSdfslVOU6an295l5fDTWSnLGHIVifW6:1iT8tM0mUeTaGQdnUjU+TfvWSgfW4p

- Formbook payload
- Adds policy Run key to start application
- Deletes itself
- Suspicious use of SetThreadContext