General
Target: 34d41b08db20c3be620d503955bd982e_JaffaCakes118
Size: 400KB
Sample: 240511-qtwwdshh8s
MD5: 34d41b08db20c3be620d503955bd982e
SHA1: afc50b80e124aa53efbd8a4c1a5e60de88fabb52
SHA256: 38c3feee374e74f5ced5844328807d5a8b28131fa013bb8fbc4ce9e667e70e9c
SHA512: 80ca69a37daed48c75c304199bd143186249d0f145ce117abce8109cc5a82777287ee0a59ee0b916a2c4d0ee10aed7f65cbe3818d25005588d01b2d07e8a7dae
SSDEEP: 6144:qYE0hViKFzTJYIq/YN2l7N21qMQPTAgxA+G5x1jMmeNkGzdbv2iS9UNYUYY64L4Y:/r9F6SN2RkfQ7fIAzdbvgHY6nKlGw
Static task: static1
Behavioral task: behavioral1
Sample: 8012bea9d522c2a1a6d032ba268e6f9f.rtf
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 8012bea9d522c2a1a6d032ba268e6f9f.rtf
Resource: win10v2004-20240426-en
Malware Config
Extracted
formbook
3.8
ch36
Targets
Target: 8012bea9d522c2a1a6d032ba268e6f9f.doc
Size: 973KB
MD5: 8012bea9d522c2a1a6d032ba268e6f9f
SHA1: d8c4d15b43546732fee5da20e35704be9b16052e
SHA256: bc56eec51e9588c386885e12094cd794eb899b717527525fd302507c659ed5e8
SHA512: daacbd46f0f2025d5984bc6efa6a5ee7e8a2328c3f988cc5ba4f6b3af2b68830e2e5bdff86cb6e3a544b91c7abd753c6a2bcb612221b98070ea858ebac45e805
SSDEEP: 12288:HQPeWspE5a2/D6w1DcpQ47d/mcc6EVOFUWxhNSyHS0FpQPccolWaNq7jMPyH0o3k:wPFs6dHDcq47d/mF6dxh/SaZgaMcZo0
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext