General
Target: 2b6f1f94d3ffe7aa888dde66bb9de6d6_JaffaCakes118
Size: 425KB
Sample: 240509-xpzvtada78
MD5: 2b6f1f94d3ffe7aa888dde66bb9de6d6
SHA1: 619ca87f3fcc9c72f43e22e0a9ff6b4859ae13b5
SHA256: 08dbeeafc24caff893a3e60e59401e04cbb5408dc86177caf8be9d4c94a93965
SHA512: a6c7edb6bc90278c461ff31cc26cbeb775f0b5549edb89339e2baa94ab9ef6eba456c28f2d272d4e0b5b4b51372883180b85f52ef5c16ea57061835846573436
SSDEEP: 12288:rgnS1IweViPLQjDUEnGHTi+QwXmJ/XRL7dJcjg:Ly+LaATcgU/3Jp
Static task: static1
Behavioral task: behavioral1
Sample: PO181219.exe
Resource: win7-20240221-en
Malware Config
Extracted
formbook
3.9
h332
Targets
Target: PO181219.exe
Size: 466KB
MD5: 9f1c4ea29a9490e84c85ee622ebbee83
SHA1: 03eb6bec9ca71f61726134e031ef1c96609c6fbf
SHA256: 4cf3f2e4957d449f51f1a5dd6b20765aa7a1fe89231f1ea3748cd0c0e90d74c4
SHA512: 2eccd244877aae74692294905fa6d11e7b1d67d03c44147f59dddf1b6d6ffe849529bf1e0ccd1b142d5767c281e229053d6d5d513bcc3c0ec9b428a735ed5f97
SSDEEP: 12288:jGNJ561IweViPtQjDMEnSHTigQWX+T/XRfoxwo4P:jGGy+t8kTEOY/4wo4

Signatures
- Formbook payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext