General
-
Target
2b339850ba96bb3c8308c70acd7ac521_JaffaCakes118
-
Size
458KB
-
Sample
240509-wmfhqaab88
-
MD5
2b339850ba96bb3c8308c70acd7ac521
-
SHA1
4c497319129abac43989a7a75c4ff8d3fee9554e
-
SHA256
2040586dd9fea01ac08b13748962e9c7ec2bebd618d92543f260984b2eebc352
-
SHA512
bba4a5d960e100295b7e2c33edfbc2e922ca12a92d43a7ec122f4d2dec33579abd38e4ef69134ed8e35bbbb8cc83efcaf7e67f1f5f2dfa6fc4c54bcd29eea401
-
SSDEEP
12288:OSLFxvaN9Se5U17u1KFHeSJ7zdGUvVbCY:rFI9UqKNeSJ7zdGUB
Static task
static1
Behavioral task
behavioral1
Sample
2b339850ba96bb3c8308c70acd7ac521_JaffaCakes118.exe
Resource
win7-20240215-en
Malware Config
Extracted
formbook
3.9
vi
thehealingcentersintl.com
moiuc.com
foundationtsecuritysn.win
dmorganconstruction.com
rcyg-luxgen.com
xn--9iqxb19lb98e.com
method19baseball.com
caitlinsculpts.com
xn--tpqt61am2s90v.com
clu2007.com
avto-4x4.com
newcode315.com
earnshort.com
instamanga.click
entruempelungs.taxi
brownpaperitckets.com
prepster-inc.com
espacoredator.com
pacificartspublishing.com
ekohelper.net
nascenceconsultant.com
gibussigynpamsplendids.link
opebet650.com
catlf.com
tarro.net
justfashionpassion.info
izmitsove.net
gojmi.com
duckieland.com
yukesw.com
templesofsatan.com
grindgrapple.com
elityapiemlak.net
whippedlardo.com
eatsmartcookie.com
equipment-spoil.com
490ope.com
prefixed.info
50020xatf.com
igreda.com
silversailtourism.biz
xux-sh.com
karafilico.com
cng-euroqe.com
mimo136.com
rushmorerunner.net
pbbwchr5w589dbv5.biz
youngqueensbyally.com
guaranteeopqq.site
eternalpelican.win
i501.info
smartpersuasion.net
nomasfilasapp.com
virtual-flix.world
happydayholidays.com
corevids.net
peterohanyan.com
songathome.com
sijiatingyuan.com
indahashcoin.com
hizmetasistanim.info
kn4frp.com
captivatingcreations.design
freddys-bikershop.com
dronlac.com
Targets
-
-
Target
2b339850ba96bb3c8308c70acd7ac521_JaffaCakes118
-
Size
458KB
-
MD5
2b339850ba96bb3c8308c70acd7ac521
-
SHA1
4c497319129abac43989a7a75c4ff8d3fee9554e
-
SHA256
2040586dd9fea01ac08b13748962e9c7ec2bebd618d92543f260984b2eebc352
-
SHA512
bba4a5d960e100295b7e2c33edfbc2e922ca12a92d43a7ec122f4d2dec33579abd38e4ef69134ed8e35bbbb8cc83efcaf7e67f1f5f2dfa6fc4c54bcd29eea401
-
SSDEEP
12288:OSLFxvaN9Se5U17u1KFHeSJ7zdGUvVbCY:rFI9UqKNeSJ7zdGUB
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-