General
-
Target
29e6d44753147ed82b462a46155bf27f_JaffaCakes118
-
Size
421KB
-
Sample
240509-pbd27abe57
-
MD5
29e6d44753147ed82b462a46155bf27f
-
SHA1
71eb92ae7e61a791e3fc2e502fbd756059c6afe8
-
SHA256
145880ed94e0db3cab65cb54db4728520f1ac5f95ff2b0dda2650233542dd706
-
SHA512
3bbfbee68ba8dafa2164a2d5cc9e66607f3901c48c774f2ee7d212364433ce6e75eadd95771bcaaee75c92fa9a23d8cc8bbfbbc436c176879fa53b5a6f282792
-
SSDEEP
6144:IS1dm0XmZxcY5gtCdG0tR3XdoHHgjMNncgHyJUirSoUj1Rrlp4dW+dTUs8l3e:XPRXmvNSCIi3XUHgQNcYyCVTctdTU
Static task
static1
Behavioral task
behavioral1
Sample
29e6d44753147ed82b462a46155bf27f_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
formbook
4.1
ajr
cokefork.com
sunsabe.com
tactical-milsim.com
johnporcaro.com
quantqubit.com
ehrbar2012.com
dailymoringpages.com
masteronlineteams.com
signocomunicaciones.com
entrepreneur-de-demain.com
eve-echoes-data.com
readingbythewindow.com
quoteshark.net
mundoeconomic.com
bootlegmask.com
sporkedmissoula.com
claricitywealthplanning.net
lyotrade.net
brandtokitchens.com
blackstorymedia.com
armstrongramps.com
shinelinks.net
xhubstory.xyz
dannisconfessions.com
mycology.supplies
virtualinspectiontraining.com
usarmedforcesforbiden.com
theduneco.net
govirtualgym.com
pricemanmmi.com
eleanorandhick.com
grosgay.com
artmasteronline.com
psm-gen.com
strikermanagementgroup.com
tdhudsonfarms.com
nefkin.net
firewoodlogsbristol.com
csbaoxing.com
firestarterelectronics.com
igreels.today
janet-lorenz.com
bookyachting.com
kayarihats.com
wd7369.com
kvhchocen.com
madfishrods.com
yourprotectionguide.com
piao.mobi
loveinspiredtees.com
cric4c.com
tapchiotoxemay.net
engelhartweb.com
cgv-so.com
easyloop.email
xn--sss-ula.com
anunaysrivastava.com
1padrepio.com
getuewbessedre.com
achrafbarrou.com
misspinkk.com
717cary.com
myworldgay.com
alfcsg.com
elevatedqueensnc.com
Targets
-
-
Target
29e6d44753147ed82b462a46155bf27f_JaffaCakes118
-
Size
421KB
-
MD5
29e6d44753147ed82b462a46155bf27f
-
SHA1
71eb92ae7e61a791e3fc2e502fbd756059c6afe8
-
SHA256
145880ed94e0db3cab65cb54db4728520f1ac5f95ff2b0dda2650233542dd706
-
SHA512
3bbfbee68ba8dafa2164a2d5cc9e66607f3901c48c774f2ee7d212364433ce6e75eadd95771bcaaee75c92fa9a23d8cc8bbfbbc436c176879fa53b5a6f282792
-
SSDEEP
6144:IS1dm0XmZxcY5gtCdG0tR3XdoHHgjMNncgHyJUirSoUj1Rrlp4dW+dTUs8l3e:XPRXmvNSCIi3XUHgQNcYyCVTctdTU
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-