General
- Target: 3fc97d557484f9162c419cb60d3d6521_JaffaCakes118
- Size: 588KB
- Sample: 240513-q6pb3sac25
- MD5: 3fc97d557484f9162c419cb60d3d6521
- SHA1: 21081bc2b1c16f79fc7bf4195de6c6e7d44f3bfa
- SHA256: a07596c46040eea65335b4661db4d78f0051ece4943e09ef88987f76385c02ae
- SHA512: 58a2760d7c73e133df2d35028fb4e09981b62a5deeafe0a5e1143ba31fb58d77dd7386dd5b52d44f2c8b7fa7151086f234d404ed06b9a61aefe04834bd8c67ac
- SSDEEP: 12288:suHi2Ef+SYLqky0NFYbMxDpk16N+tYi9CRscY:nHi2Ef3YLqEFAWc6NkX
Static task: static1
Behavioral task: behavioral1
- Sample: 3fc97d557484f9162c419cb60d3d6521_JaffaCakes118.rtf
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 3fc97d557484f9162c419cb60d3d6521_JaffaCakes118.rtf
- Resource: win10v2004-20240426-en
Malware Config
- Extracted: formbook 3.8, ch43
Targets
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext