Analysis tasks (score out of 10)
- Static: 10
- 4b580aef49...18.exe, windows7-x64: 10
- 4b580aef49...18.exe, windows10-2004-x64: 10
- $PLUGINSDI...sh.dll, windows7-x64: 3
- $PLUGINSDI...sh.dll, windows10-2004-x64: 3
- $PLUGINSDI...em.dll, windows7-x64: 3
- $PLUGINSDI...em.dll, windows10-2004-x64: 3
- $TEMP/alerting.dll, windows7-x64: 3
- $TEMP/alerting.dll, windows10-2004-x64: 3

General
- Target: 4b580aef493e3c12ff7c8c059cb73973_JaffaCakes118
- Size: 327KB
- Sample: 240516-qxkbrsff72
- MD5: 4b580aef493e3c12ff7c8c059cb73973
- SHA1: efd2ba7c60ecd1d4e70850406d3d62f4c979eeef
- SHA256: 6999f846f01515ae48c049e1114b0cebad84d0eb047c10684eff81e9d391ad0b
- SHA512: 3822cd04861c1497241ac611bbc89b313df0d2bbd43b09f3cf1cf43ae796e4cf1254a73619f421480e5b0cd1b5e7bb36dd5d398a344e08e7f4ef091b939f22c7
- SSDEEP: 6144:r5L8cieNER8g5TNAKzLB1/1VS7EcsAFhr6RY6NLAnswHeGgoSKJLiWkFdDPNXcKd:Z8ciqEJViO1rSR56n0swHLjiBSKB9Z
Tasks
- Static task static1
- Behavioral task behavioral1: sample 4b580aef493e3c12ff7c8c059cb73973_JaffaCakes118.exe, resource win7-20240221-en
- Behavioral task behavioral2: sample 4b580aef493e3c12ff7c8c059cb73973_JaffaCakes118.exe, resource win10v2004-20240226-en
- Behavioral task behavioral3: sample $PLUGINSDIR/Splash.dll, resource win7-20240221-en
- Behavioral task behavioral4: sample $PLUGINSDIR/Splash.dll, resource win10v2004-20240508-en
- Behavioral task behavioral5: sample $PLUGINSDIR/System.dll, resource win7-20240508-en
- Behavioral task behavioral6: sample $PLUGINSDIR/System.dll, resource win10v2004-20240426-en
- Behavioral task behavioral7: sample $TEMP/alerting.dll, resource win7-20240221-en
- Behavioral task behavioral8: sample $TEMP/alerting.dll, resource win10v2004-20240426-en
Malware Config
Extracted
- Family: formbook
- Version: 3.9
- Campaign: c191
- Domains (as extracted from the configuration):
yegua.rocks
retouraffectifrapide.com
mediacionelite.com
carrosseriemartins.com
filminglombokindonesia.com
rwpygl.info
wkwlkj.com
yjeoevqdaf.info
margaretaphotographs.com
damaskfabricandtextiles.com
woofgang.life
goodhabitsapp.com
kunweishidai.com
kuaizhilian.com
parkaraya.com
globallogic-us.com
charlottephotoboothrental.com
pouchbagsupplier.com
njlgmq.com
nazreenakhtar.com
xn--95qx16a68bt48b2hp.com
adctatouage.com
furofkay.biz
snaperr.com
mcvbnw.com
freee.world
mooveassist.com
idrinkhalo.com
sieuthicomputer.com
plugiman.com
frakteel.com
xn--cgobounty-bq6d.com
wpjlh.com
atlab.info
handgjskor.com
nmgshibo.com
5diamondz.com
thebarneseatery.com
bodoghaobcn.com
retzemaschilderwerken.com
karmabypallavi.com
lofscc.online
nuwmhiygenclosures.review
onlinedesires.party
isleofskyerooms.com
sofcorrp.com
lancasterhousehunters.com
englandxstudio.com
noelleandjonjon.com
alitossb.com
mommabostic.com
laoyu-metal.com
ysxxedu.com
generositycreates.com
1199742.com
granitevillecommunity.com
divyanshienterprises.com
elcadaverexquisito.com
arinaweddingplanner.com
intencib.com
vh-vtc.com
ethicsandathletics.com
elportaldelmiedo.net
nh-yingjian.com
yodaug.com
Targets

- Target: 4b580aef493e3c12ff7c8c059cb73973_JaffaCakes118
- Size: 327KB
- MD5: 4b580aef493e3c12ff7c8c059cb73973
- SHA1: efd2ba7c60ecd1d4e70850406d3d62f4c979eeef
- SHA256: 6999f846f01515ae48c049e1114b0cebad84d0eb047c10684eff81e9d391ad0b
- SHA512: 3822cd04861c1497241ac611bbc89b313df0d2bbd43b09f3cf1cf43ae796e4cf1254a73619f421480e5b0cd1b5e7bb36dd5d398a344e08e7f4ef091b939f22c7
- SSDEEP: 6144:r5L8cieNER8g5TNAKzLB1/1VS7EcsAFhr6RY6NLAnswHeGgoSKJLiWkFdDPNXcKd:Z8ciqEJViO1rSR56n0swHLjiBSKB9Z
- Signatures:
  - Formbook payload
  - Loads dropped DLL
  - Suspicious use of SetThreadContext

- Target: $PLUGINSDIR/Splash.dll
- Size: 4KB
- MD5: 3f35f73787f0c3bb5e59445fb18ade0d
- SHA1: f1566faff96c3988cfc28dc7d433094b6348cdbf
- SHA256: 5570969d22a33c23b60c5f5536f781219e458a869b77b8dde4a94cc124ee4de6
- SHA512: 45c42ea95f53a3b8a3fd74bd55ad6f0b3f2b91dd969104de845fd819fe307dec2b4d472bee45554500b0c51052ee82ac98196e894af806edf67a947328474e57
- Score: 3/10

- Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: fbe295e5a1acfbd0a6271898f885fe6a
- SHA1: d6d205922e61635472efb13c2bb92c9ac6cb96da
- SHA256: a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
- SHA512: 2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
- SSDEEP: 192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
- Score: 3/10

- Target: $TEMP/alerting.dll
- Size: 9KB
- MD5: 899df66ecc89a8b62a4e01e719790daf
- SHA1: 81a289f7fe4560995b11c344ffe145df570a14e2
- SHA256: b798c94ed8f6832b83fb5c6ca5c071dcac11e363fbfd4ce34dc68ff02a77678c
- SHA512: 300e7ac987ca9d012758ed9521c27f50a9f89440e2b5fe0ed3b3c0a48b13496c82f9ad1761a3d12e21f8622ef5a52082dd44aa30e3b97a2d6c054d2ca924cd7d
- SSDEEP: 96:lfVOeBcQ5YgX2Eoz8lntM68+Ne256BN9MygJKVlRWAbb7rztCtuuOos4ykTvjDlW:iQ+Vnz8lnttwT/aOos4ykTflxWw82f
- Score: 3/10