General
-
Target
5f7a7b867374de7ce4277fd5c766312e_JaffaCakes118
-
Size
322KB
-
Sample
240520-re8gbadh9v
-
MD5
5f7a7b867374de7ce4277fd5c766312e
-
SHA1
763ea3f600136fd957bd7c42f148d42a6eb39621
-
SHA256
dc9f16d932383754d9fbe28b7fbf59f3e5af1754582847981d264aa3225e1e17
-
SHA512
7013ef483920b04972c69278b90146d6102e297a28e0db751d136c652da82b3a0720983432d253aeeb2540b748b423ac0acf71add0cfc83a89025bbdbfad14d6
-
SSDEEP
6144:I8cXFf4JCjVyW64Y+oz993q8WxHz8VfcBN8Sq8Ul4X1NNHMsM7cuE8J:I8kiRox/nUQNssM7c3
Static task
static1
Behavioral task
behavioral1
Sample
5f7a7b867374de7ce4277fd5c766312e_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
formbook
3.9
sa
Targets
-
-
Target
5f7a7b867374de7ce4277fd5c766312e_JaffaCakes118
-
Formbook payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-