General
Target: 6ac766cf7340aa9c7631eed633a88aa6_JaffaCakes118
Size: 2.5MB
Sample: 240523-ngzqeaec84
MD5: 6ac766cf7340aa9c7631eed633a88aa6
SHA1: 698ff575ba75225c92c20b645af9b4c33e294a72
SHA256: 82a752fc58acc797eedefc866ac9cebd765da7cc6aa070768ab475678605e24a
SHA512: 0842f38af644499735a920ec617176ed3c23dbb07c4cf4381dbfda3ac43630603f16d2bfa2dc37e18be63ac8ef3680ba9bec8495891b03417743bfc776e285f9
SSDEEP: 49152:TyY3M1FyYIZpr+0vRKLeEz9bJjomfVee26os:TyY3M1FyYIZpr+0vRKLeEz9bJjomfVea
Static task: static1

Behavioral task: behavioral1
Sample: 6ac766cf7340aa9c7631eed633a88aa6_JaffaCakes118.rtf
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 6ac766cf7340aa9c7631eed633a88aa6_JaffaCakes118.rtf
Resource: win10v2004-20240426-en
Malware Config
Extracted: formbook 3.9 br
Domains:
q1k0iyiu2.biz
waqsx.info
doctorwigglez.com
truebluego.com
manbet405.com
shopuy.site
karabukkuzeyteknik.com
sgxiayu.com
almvie.com
veteridom.com
michelleeve.com
crabitech.com
envyofamerica.com
joggingtip.com
houseandpets.com
tudekoracje.com
koutheparea.com
fd-electronic.com
ukmrna.net
pizzalato.com
grape-digital.com
selfdefensevideovault.info
aucpa.net
premmicr.reisen
plrep.com
banymyth.reisen
evancramer.com
fixfinder.repair
agridatamining.info
macodesigner.com
ubeseisou.com
redlinediecast.com
abetterforupgrading.win
dragonflybeauty.com
f1ghing.com
kimchican.com
snowmasssports.net
ddwtech.com
112manbetx.com
festivalmega.com
traicayquetoi.com
wwwwrm4488.com
backupgifts.com
enginesofascension.com
kyoman.net
georgi-bogdanov.com
celestial.house
materiallnmotion.com
farmaciasion.com
gosenfukushi.com
soundpass.net
headbandhappyak.com
drivefilestream.com
svgedq.info
remodelguys.net
carriersalesez.com
baixue.ltd
cactusled.com
sultanalghaisem.com
xazol.net
gettingrichwithbill.com
craftinternet.com
gllscientific.com
hmklogix.com
trogmack.com
Targets
Target: 6ac766cf7340aa9c7631eed633a88aa6_JaffaCakes118
Size: 2.5MB
MD5: 6ac766cf7340aa9c7631eed633a88aa6
SHA1: 698ff575ba75225c92c20b645af9b4c33e294a72
SHA256: 82a752fc58acc797eedefc866ac9cebd765da7cc6aa070768ab475678605e24a
SHA512: 0842f38af644499735a920ec617176ed3c23dbb07c4cf4381dbfda3ac43630603f16d2bfa2dc37e18be63ac8ef3680ba9bec8495891b03417743bfc776e285f9
SSDEEP: 49152:TyY3M1FyYIZpr+0vRKLeEz9bJjomfVee26os:TyY3M1FyYIZpr+0vRKLeEz9bJjomfVea

- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of SetThreadContext