General
Target: 3ca6adb2c55147131eb87751eba66b89_JaffaCakes118
Size: 252KB
Sample: 240513-1dra3sfa76
MD5: 3ca6adb2c55147131eb87751eba66b89
SHA1: 282f6711e594272f30eb613e007c2831d1b6202e
SHA256: 29597c03eed30fc82c0cf555186e218deaf6d32f7a96b9ae0636185da6b664bc
SHA512: e66339b52168d68e3b43552e0059b3ec3903c879ec12676915ee2a719061713b5748399a7f5aeabee4aa7ee8089b42cb77aa28088b476c29d50f9f3c4fa786f0
SSDEEP: 6144:PchSkHeKJTw2wqLo3bj8tNpkRE1HNs33m:GP+Kxw9qM25HmH
Static task: static1
Behavioral task: behavioral1
Sample: 3ca6adb2c55147131eb87751eba66b89_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Extracted
formbook
3.9
bi
Targets
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext