General

Target: 2dad18ca8463273f701f13847bce7790_JaffaCakes118
Size: 491KB
Sample: 240510-gm6btaab54
MD5: 2dad18ca8463273f701f13847bce7790
SHA1: 646e94569498d50ceaeb82dc209a147cd72d0a2b
SHA256: 6ae73a16633fc02a2710ef06d166cfae655774a73d7509afff0b0b81d0ed75b8
SHA512: d4bb8ee6fb20e0d196e8dddb847ef723c7ce6fffe5587b4347be11c8ec5223809dda9ef1e996afc40a8547b739ee376105d70ec777999bed1fa023626c031fe8
SSDEEP: 12288:PYFqSpKaxDx3IcS94WsjAkBHZWNcuTQC1YlXdE0heWQn:gFqypxGnmjdZjEYlt/e/n

Static task: static1
Behavioral task: behavioral1
Sample: Doc20189700.exe
Resource: win7-20231129-en
Malware Config

Extracted family: formbook
Version: 3.9
Campaign ID / C2 URI path: h323 (Formbook uses this token as the path of its beacon URL; confirm against the run's network capture before using it as an indicator)
Domains (65 entries; Formbook mixes its real C2 host into a list of decoy domains, many of them legitimate sites, so a bare hostname from this list is a low-confidence indicator unless it is seen together with the campaign path):
sanfransiscolotto.com
mcginnisformayor.com
puer-energy.net
hieusport.com
alevelcourse.net
excelcium-promotion.info
waehlergemeinschaft-bergen.com
capstone-asphalt.com
ppacspromsecureproved3.info
bm9993.com
zhuozixf119.com
sgy64dq.ink
qukuaifun.com
boletosdeavion.store
ministeriofaceaface.com
xn--fiq06lpuc3zab58o04p.com
sunglassessales.win
jano.tech
tillillishop.com
tyty544.com
mass.ink
evenext.com
rodantesmtbclub.com
diaral.com
rhytdmmusical.com
beautysaaz.party
proven--sa.com
youthfulfit.info
sondakikahaberci.net
mahneshan.com
ycxsms.com
appguanfang.com
carolsfitnesscenter.com
fibro.world
xn--cjrz24bhumrgi.com
yourclarityyouth.com
libertarian.loan
sandraitapia.com
xiwin.win
xn--uckc2azjh4j644xg68a.net
pewnahistoria.online
bearsop.com
freshwatercoaching.net
hentaicomicsforadults.info
kruvltd.com
2209liveoak.com
suohsex.com
littlebiologist.com
web-link.online
petronellanatalie.com
indyallcash.com
millennialmentorship.com
brehinier.com
22catcher.com
jinnuqu.com
pirate.exchange
scapegoatboutique.com
ugrowsocial.com
bumperrepairvan.com
piapower.world
junmaihonjikomi.com
hongnhustore.online
wirewp.com
7pinggui.com
phonelc.com
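The domain list above is only useful once it is turned into indicators that distinguish a beacon from incidental traffic to a decoy host. The following is an added example, not part of the sandbox report: it parses a config dump in the layout printed above (family, version, campaign ID, domains), derives the expected beacon URLs, and grades constructed proxy log lines by confidence. It assumes that the token after the version ("h323") is the campaign ID Formbook uses as its C2 URI path and that beacons take the form http://www.<domain>/<campaign>/ (observed Formbook behaviour, to be verified against this run's pcap); the config excerpt is truncated and the log lines are constructed.

```python
"""Turn an extracted Formbook config into network indicators and grade
proxy-log hits by confidence.

Added example; not part of the sandbox report. Assumptions: the token after
the version ("h323") is the campaign ID that Formbook uses as its C2 URI
path, and beacons look like http://www.<domain>/<campaign>/ (documented
Formbook behaviour, but verify against the pcap of this run). The config
excerpt and the log lines are constructed for the example."""
from urllib.parse import urlsplit

# Excerpt of the extracted config in the order the report prints it:
# family, version, campaign ID, then the decoy/C2 domain list (truncated).
CONFIG_TEXT = """
formbook
3.9
h323
sanfransiscolotto.com
mcginnisformayor.com
puer-energy.net
hieusport.com
"""

# Constructed proxy log: timestamp, client, method, URL, status.
PROXY_LOG = """
2024-05-10T10:01:02Z 10.0.0.5 GET http://www.sanfransiscolotto.com/h323/?id=1 404
2024-05-10T10:01:03Z 10.0.0.5 GET http://example.com/index.html 200
2024-05-10T10:01:04Z 10.0.0.5 POST http://www.puer-energy.net/h323/ 200
2024-05-10T10:01:05Z 10.0.0.6 GET http://hieusport.com/about 200
"""


def parse_formbook_config(text):
    """Split the flat config dump into version, campaign ID and domain list."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 4 or lines[0].lower() != "formbook":
        raise ValueError("not a formbook config dump")
    version, campaign, *domains = lines[1:]
    return {"version": version, "campaign": campaign, "domains": domains}


def beacon_urls(cfg):
    """Expected beacon URLs: Formbook prepends 'www.' and brackets the
    campaign ID with slashes (assumption stated in the module docstring)."""
    return {f"http://www.{d}/{cfg['campaign']}/" for d in cfg["domains"]}


def strip_www(host):
    return host[4:] if host.startswith("www.") else host


def grade_log(cfg, log_text):
    """Return (client, host, path, confidence) for every line whose host is
    in the config. A campaign-path match is a high-confidence beacon. A
    host-only match is low confidence: the list mixes the real C2 with decoy
    domains, many of them legitimate sites, so a bare domain hit alone is
    not proof of infection."""
    domains = set(cfg["domains"])
    beacon_path = f"/{cfg['campaign']}/"
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        client, url = fields[1], fields[3]
        parts = urlsplit(url)
        host = strip_www(parts.hostname or "")
        if host not in domains:
            continue
        confidence = "high" if parts.path == beacon_path else "low"
        hits.append((client, host, parts.path, confidence))
    return hits


if __name__ == "__main__":
    cfg = parse_formbook_config(CONFIG_TEXT)
    for hit in grade_log(cfg, PROXY_LOG):
        print(hit)
```

Run it as-is to see the three graded hits; in practice, replace CONFIG_TEXT with the full 65-domain dump and PROXY_LOG with real proxy or DNS records, and treat only the high-confidence rows as infection evidence.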
Targets

Target: Doc20189700.exe (the file run in the behavioral task; its size and hashes differ from the submitted target listed under General)
Size: 545KB
MD5: 7bce7d55931c5f34701501a38aa95cd3
SHA1: 7af77f1afe68b94a6617ac9a1ed5d21b66ca4008
SHA256: 742be802e5d909d41c46fd374e6682f0467003e03f5387f37fe18d407322e5a5
SHA512: 7bb4e470452a1f0dcd2bcc247c179d3c41b3fdac2aa694f6c79f7af71605226648ad3b57129f3930f85c7b10fc4329a622cbb7ffc27fe9fbb1b7aa4258a742c7
SSDEEP: 12288:WwSpsazDx3ScS946sj0kBFZWHcupoC+22bFK9Z47:1yDzcn4jrZTrJbG4
Signatures:
Formbook payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence. If the sample refuses to run in some locales, a sandbox with a locale it avoids will show little or no behaviour, so re-run with a different locale before concluding the sample is inert.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application: persistence through a Run registry key, so cleanup has to remove the key as well as the dropped files.
Suspicious use of SetThreadContext: consistent with process injection or hollowing. Formbook typically migrates into another process, so the network activity should be attributed to the injected process rather than to Doc20189700.exe itself; check the behavioral task's process tree for the target.