General
-
Target
50803379c862897b497e96fb6f5b3f48JaffaCakes118.bin
-
Size
709KB
-
Sample
240517-3d1kvsge7t
-
MD5
50803379c862897b497e96fb6f5b3f48
-
SHA1
0ca45c28c48d06a9349ac1edd3f2d0430d254768
-
SHA256
b2ed4938e2e41c6015a953684f2e3a271044a0f7ede57e202e0026d492bf7c5a
-
SHA512
420561ca82648f81ffd92175454b72d756eadd88c42c2809868da7e17af479e049b9b3283e91017dda0297a83c6c706f5dc29825b75c7ac71aa5797bc32f4f9c
-
SSDEEP
12288:w1kx0ygplQ/7F3pAklbX5cPLxGOOv3KkDNx0yna:w6x0ygpu/7RpAkp+z7Ov3dhx0ya
Static task
static1
Behavioral task
behavioral1
Sample
50803379c862897b497e96fb6f5b3f48JaffaCakes118.rtf
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
50803379c862897b497e96fb6f5b3f48JaffaCakes118.rtf
Resource
win10v2004-20240508-en
Malware Config
Extracted
formbook
3.8
ch48
rengsrang.com
diamondresult.com
regalcoinvietnam.com
sowmobile.com
davidbahrein.com
christianplaysguitar.com
hotelruraldalameira.com
sydhr.com
efthen.com
stayinabq.com
beautyscout24.com
saucemount.com
xnewmovie.info
wickedwebcamsites.com
xalsnz.info
04db.com
shahrood-daneshgostar.com
golfsierraphoto.com
dodacaocap.net
riptidefishing.com
recetasalmorejo.net
naturegreen.site
bestdamnchainoiler.com
woodfarmcars.ltd
jjxiaoyu.com
funnyjokespictures.com
ssgg88.com
ypointelluride.info
diamondlotustwintowers.com
lanaturechiangmai.com
towqlobb.biz
tpfence.com
saltandsaunaspa.com
droit-justice.com
teammeangreen.com
xn--4oqr19a.net
kong.florist
polymer-forum.biz
kmlboo.info
gltglt.com
ierusalimskiy.com
elite-learning.net
faultoahusband.info
51wangzhanjianshe.com
bethelamenewalbany.com
treobuch.com
lehuyule114.com
tresengenharia.net
iatfca01.com
uqyhxx.info
tabearuki0.com
juststartrek.com
4u6ou.com
enablewebdev5.com
fuenf-fluesse-radweg.info
on-lake-time.com
localsgetiton.com
shoeandco.com
versatile-rp.com
sageo-partners.com
lixingmoju.com
x2z0k9.download
lilyyeyimim.com
grindcoreterrorist.com
crepox.com
Targets
-
-
Target
50803379c862897b497e96fb6f5b3f48JaffaCakes118.bin
-
Size
709KB
-
MD5
50803379c862897b497e96fb6f5b3f48
-
SHA1
0ca45c28c48d06a9349ac1edd3f2d0430d254768
-
SHA256
b2ed4938e2e41c6015a953684f2e3a271044a0f7ede57e202e0026d492bf7c5a
-
SHA512
420561ca82648f81ffd92175454b72d756eadd88c42c2809868da7e17af479e049b9b3283e91017dda0297a83c6c706f5dc29825b75c7ac71aa5797bc32f4f9c
-
SSDEEP
12288:w1kx0ygplQ/7F3pAklbX5cPLxGOOv3KkDNx0yna:w6x0ygpu/7RpAkp+z7Ov3dhx0ya
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-