General
Target: 3e57cda1537e5da871c8f1d97ec7d337_JaffaCakes118
Size: 750KB
Sample: 240513-h7tdesfb48
MD5: 3e57cda1537e5da871c8f1d97ec7d337
SHA1: d8840938fc45e5d20a0ca3ebebf794617a81e960
SHA256: 400ce3db41e45539da9cbec4768fe45f31d7ad4bd276fff441c79231d959cff0
SHA512: 3e06bed588ad457f639e2a9ca17abf26c1d77b827dcb9224963c09a1d31165ff0300b90741160c971902e30fe81918639515e5b45992704765e4b3dcbfeb3357
SSDEEP: 6144:7lMdF++8cNR1ykQXQAIvD1U0TV33GqK6fPu6WBis:7fcj1yk1bvD1U0TVmqPHWBis
Static task: static1
Behavioral task: behavioral1
Sample: 3e57cda1537e5da871c8f1d97ec7d337_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
formbook
3.8
d02
Targets
Target: 3e57cda1537e5da871c8f1d97ec7d337_JaffaCakes118
Size: 750KB
- Formbook payload
- Adds policy Run key to start application
- Drops startup file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext