General
-
Target
5ee46295b565a80943c79c4adee9dec7_JaffaCakes118
-
Size
237KB
-
Sample
240520-nwgs5sad71
-
MD5
5ee46295b565a80943c79c4adee9dec7
-
SHA1
088040d934fc1f30424def22adf3a8063c09bfda
-
SHA256
092604ea968c54cd13c04fe2e85a4f5ec9e5b6ad5c83577160d1108c69156bf2
-
SHA512
b77b40775ef3581f8d6dade14d8672cf55c9e433c76956a59182e3d01971f6e5209d5e3ed30ba0bd989d73aa9d3956b0dc8bd99427c5179f9c4e7efb9824b406
-
SSDEEP
6144:VIH3fprvmAlYazYP+FqKfr0w6T+J0qwHkbAhfUKE6R3o:OXxuCYaFZB07QA+K3J
Static task
static1
Behavioral task
behavioral1
Sample
5ee46295b565a80943c79c4adee9dec7_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
formbook
4.1
b4630
Targets
-
-
Target
5ee46295b565a80943c79c4adee9dec7_JaffaCakes118
-
Formbook payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-