General
Target: 42d5e7a96109922fcb765e86760995a7_JaffaCakes118
Size: 378KB
Sample: 240514-ysa7asdg8v
MD5: 42d5e7a96109922fcb765e86760995a7
SHA1: 1f6d6281f2c89ad2d3a4ebfb74d4e72a0d49268d
SHA256: 6c493d5a727414266a1b43719c18d1cce931c8b0208cccc2748d8b828a0403f5
SHA512: de512fdd6d44988ca5ce9f36c12d0119abb85ec4e44196d37a03a3c28fddacce98025f3e5b561ae726458bc125443d829e7297361772acad7cdfa1548c4fdb90
SSDEEP: 6144:x+QGRBX+lGz8m0NMYYLkasSLfZjTX5+QMWyCiJvlTD6uU43byTPpxiO4RQsGRlSN:UQGPXIGz8mrHsqh3wDC29eDpnsGW6
Static task: static1
Behavioral task: behavioral1
Sample: 42d5e7a96109922fcb765e86760995a7_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config
Extracted
formbook
3.9
hx318
Targets
Target: 42d5e7a96109922fcb765e86760995a7_JaffaCakes118
Formbook payload
Suspicious use of SetThreadContext