General
Target: 40237d6a3c84f02516bda17f8b957322_JaffaCakes118
Size: 436KB
Sample: 240513-sszxrsca2z
MD5: 40237d6a3c84f02516bda17f8b957322
SHA1: 8c3c3af0cbfc1e6e3c0d6c10229a817103d75069
SHA256: 8537dc2194884b6ec88e9bc44963b4b1dc34b28505fd20330f5ed137e63cafe6
SHA512: 9fec1f5835acd07655e4ac07f09dfbb40091b622f7a5c109972163eaf9e54c55f83e5505262b43ac8948fa4029cb86879ede8c1dbba6b4d078b5dab0e058ff96
SSDEEP: 6144:zxDkckbuLHbc3ybjGvGjE7LBZGXAztMt2HYo5FbZk22BtKj5LognzL9NJ2o:zqckbC7uye6hA6YHYadZXwwVognzLAo
Static task: static1
Behavioral task: behavioral1
Sample: sample.exe
Resource: win7-20240220-en

Malware Config
Extracted: formbook
Version: 4.1
Campaign: kbr
Targets
Target: sample.exe
Size: 497KB
MD5: fa2b81bb3c092af37132e48f36fa92c3
SHA1: 715b71b3e7393c7bd1aa50a824e32b6408b6cbae
SHA256: 4f90d42980450652ef19fe55ebea9e68683b4d29027900dcbeb5c26d298318fc
SHA512: 36ec0cb0fad91ddf871ada9fdee7aaa57c0ebf9872e22e74e75c0b552ddc31d63832b4b19db4e62fa4d14304f3052c98ab3c2c95864c1d468bf0c5b28a133426
SSDEEP: 12288:Y/hpMAp2iNtv2zv1gvExBHMxS1iz23RNjxs8zUle01Eqm:Y/p1m2sHsy93tj0

- Formbook payload
- Adds policy Run key to start application
- Deletes itself
- Suspicious use of SetThreadContext