General
-
Target
75139da89b79d88a8d5f2f527446ecee_JaffaCakes118
-
Size
419KB
-
Sample
240526-lrfdeaea61
-
MD5
75139da89b79d88a8d5f2f527446ecee
-
SHA1
f9ca1387689e952afaec8de1e30a48ae5a37aa91
-
SHA256
dfa4a44e0f63c067e406e37c7b8915ac728ce6ecc1d13cf280de7064861dd872
-
SHA512
486bf73dde2828b53135f7075cf6bcc3c1e42ca50afbce75d610092cc252d6b21efa5176f20554d0225abdf9aeef6adf0f6bc1d8f0a5ff8a7a6e8a44eda16caa
-
SSDEEP
6144:J4hBCklZb/DZSAv2/5+mRbyGKXNUP8AioXAU+LoutZW20XmsAh6mh3:Or9lZ7DZSAvWbIXtdoXp+YXmsAh6mh3
Static task
static1
Behavioral task
behavioral1
Sample
75139da89b79d88a8d5f2f527446ecee_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
formbook
4.1
o9bs
akasa.technology
necruzrecords.com
funyr.com
granny-mask.com
videoqr.net
grancanariastagandhen.com
bournesolutionsgroup.com
car-shop-kenken.com
2zd8dn5t-mn4.com
a-nakameguro.com
gtl.systems
baizhan180.xyz
tnawxilv.com
dcdhoom.com
dalaman.website
shopredsea.com
rockbrookcapitalholdings.com
carguyla.com
adpservice.net
freecodecast.com
distributionrus.com
cursoencasa.net
kirkgun.com
blackwealthcanada.com
draindunord.com
kirstyhermosa.com
francacheladesigns.com
garrison-properties.com
configurego.xyz
associationmemorial.com
ploughjoggercoalition.com
dctech.support
devonebikes.net
algulmotors.com
hogar-asistencia.com
progressionglobaleducation.com
alpsdenki.com
lyqhmfc.com
vizualshare.com
huaerlimaoyi.com
cutea.online
flows2.xyz
canberraautomotive.com
cabalensprime.com
scznjc.com
molinamusik.com
paris-film-fest.com
cabanesdanslesarbres-annecy.com
goseerix.com
israel-spirit.com
flex-france.info
weightlossexercises.net
zeronk.xyz
sxkgxenj.icu
hengbaodidi.com
gigalicous.com
coloradobestservice.com
6358866.com
subseaanimator.com
evaxelijah.com
urbvineagency.com
baconbandit.net
leyoyou.com
printuniverses.com
bluewagepayroll.com
Targets
-
-
Target
75139da89b79d88a8d5f2f527446ecee_JaffaCakes118
-
Size
419KB
-
MD5
75139da89b79d88a8d5f2f527446ecee
-
SHA1
f9ca1387689e952afaec8de1e30a48ae5a37aa91
-
SHA256
dfa4a44e0f63c067e406e37c7b8915ac728ce6ecc1d13cf280de7064861dd872
-
SHA512
486bf73dde2828b53135f7075cf6bcc3c1e42ca50afbce75d610092cc252d6b21efa5176f20554d0225abdf9aeef6adf0f6bc1d8f0a5ff8a7a6e8a44eda16caa
-
SSDEEP
6144:J4hBCklZb/DZSAv2/5+mRbyGKXNUP8AioXAU+LoutZW20XmsAh6mh3:Or9lZ7DZSAvWbIXtdoXp+YXmsAh6mh3
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-