General
- Target: 444d3df9a20c68281353a091f76428e3_JaffaCakes118
- Size: 485KB
- Sample: 240515-dpvrbaed7z
- MD5: 444d3df9a20c68281353a091f76428e3
- SHA1: b8659dab04ea1120bc696a1ee43b5d3022f830a5
- SHA256: c222b07df99688f8ba5c35ce475d970b9fd0597420061d42707b553d00c788aa
- SHA512: 34556cf1a8ef045f8ae76f5d81216cae4748f51d3ecf81a12e2799c7ee4705457e47c5755c26bb40f296a27e7ad088c703d899bab8472f409b9b28b83ee6f1d7
- SSDEEP: 12288:IJzuW1RElKHFrTzh4NnsGvyrTOEEF1TQEULvz/:czuyElmlTMshrTC/kEULvD
Static task: static1
Behavioral task: behavioral1
Sample: 444d3df9a20c68281353a091f76428e3_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
formbook
3.9
um
Targets
- Formbook payload
- Adds policy Run key to start application
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control-flow obfuscation.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext