General
Target: 5bcb77ed3ad77d4cf723044784f6c10f_JaffaCakes118
Size: 468KB
Sample: 240519-2bf8rsdf44
MD5: 5bcb77ed3ad77d4cf723044784f6c10f
SHA1: 874317c4a45b7c742964e2223afe84bfccdffd35
SHA256: 557ac01b6da8e2ff8071f4cdb8029df59d3d323a2c5d1b521f56fd458a1ae7e5
SHA512: 2814db3317c8358c044c948464a983d13ba8d9c60b0b909cf03bda1d830e390d86e66b89969de2bc7b7a3e1ff37b0ef255458f639f1bcca674599f023a2def1b
SSDEEP: 12288:qaaJOnVAbYNOfbj/24X6U7rzUXSvAJIkh2x/:qaiOJOTKC4jOG8/
Static task: static1
Behavioral task: behavioral1
Sample: GMI.CO.,LTD - EWR RefWT9TB5.exe
Resource: win7-20240221-en
Malware Config
Extracted
formbook
3.9
nh
Targets
Target: GMI.CO.,LTD - EWR RefWT9TB5.exe
Size: 637KB
MD5: 6e3d0bd2d2bb6fcc996501895d84fed6
SHA1: bde3cf4ce6291fa6b0f4a7d828a53860f6d9aa32
SHA256: f2704785fc1c031804cc3903a319f8ba99bee1e0ea2766332b2aad1fff4f7436
SHA512: 17b9c4c8733fec5368ea2f92bce0f7b2401d4a0a9887181dfa2b6205df5737901dec786ec53d08cbed5caa66e7287828b04fe28443a0e453dbbce957c210861e
SSDEEP: 12288:+DCo5UPqjxu5zc4JV48njwWNLn5b7pLW0Z3EW7Wsv8kixW3pFMcmyuWp7pPmTppO:+2o5UWxuBc8hkuPpLWYEaW0iUuyq8a9
- Formbook payload
- Adds policy Run key to start application
- Deletes itself
- Suspicious use of SetThreadContext