General
Target: 3452a6d55f5221137efc039bff911086_JaffaCakes118
Size: 353KB
Sample: 240511-nec4magg54
MD5: 3452a6d55f5221137efc039bff911086
SHA1: 7b44672a8cf24fe216be0e19919109150f6ea830
SHA256: 0c5268e859ea956ae8fdf1219bd6b4bdf1f3f9cdb7c43e4b10932105d8261861
SHA512: 0802ad809803636a105932d0ff14e666386752e3b01234b132d6729dfa29802934aea7bf17358a6e3d16a719a8770bb81e565aa5752a45a845ee7ca49e5ac8e6
SSDEEP: 6144:HXcPkrvcpKCvAcd2fo0dNvhy4ziMOF3ahfVLGWHcuhSBHO+kg1vo82WykBspGa3q:HXcMbcrioCVhTzhOwXLGjuUBHO+kgvoK
Static task: static1
Behavioral task: behavioral1
Sample: purchase list 02.exe
Resource: win7-20240221-en
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: cx0
Targets

Target: purchase list 02.exe
Size: 446KB
MD5: e04c803a304194fe916ca43591eb5fca
SHA1: e2d0096b5c6118ce2b66a794276e01603b7e7771
SHA256: 0a7875bdd0200e759a7fc1ce09a8f31fdf5950868804629cc2c18fae9c501fe9
SHA512: 619997a3fe588231281e1b8d574cb1c12f090aae728cc11315b73a7a47b44e283bc704f1d6d0877410b3c3e19951edad61b0c402c807c8dc66211c2d319ca426
SSDEEP: 12288:mBcHkocFh3zhOKdLWnuYBH2+koto0BnCXmuUb:LdUVhOKdSrBW+kon3

- Formbook payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)

Defense Evasion
- Impair Defenses (2)
  - Disable or Modify Tools (2)
- Modify Registry (2)
- Virtualization/Sandbox Evasion (2)