General
Target: 94808d496596f1b0e00c996d77c1af89_JaffaCakes118
Size: 986KB
Sample: 240604-mka1sadh46
MD5: 94808d496596f1b0e00c996d77c1af89
SHA1: 09384ec9ee897d766b03e5eff0579d23c25e3bff
SHA256: 294d980ee33b3ee783ef73efa634d8f910ac910f3a1d2b685daea4151dc7d3f2
SHA512: d6c6d13f52e1fb211c7e65ec49feed91f186c4464ba22c2c1f486bb7b2a14848198f5d7fd635f1f05282e20f51f26282ba15a67c4d90d8bc7d2a61705d7b19a0
SSDEEP: 6144:/aUDG3Kp1O6VEJD6Lpzu5VGZ1xbt3oN/EqiOq762DOHXRSE8:/aUDd26VEt6pu5GbtwEqXq7pDOHw
Behavioral task
behavioral1
Sample: New request for quotation9867875fdp.exe
Resource: win7-20240220-en

Malware Config
Extracted
formbook
4.1
m1d
Targets
Target: New request for quotation9867875fdp.exe
Size: 450KB
MD5: 8bdeb6070b54bcbb362faea15aaf8f7f
SHA1: 7708c09b98622341b13ffcb99fd61778f51c16fc
SHA256: 63b52bedfe18fe9a059dafcf21ed7d2bd58b00e8b4078c98e165c36e3d347b60
SHA512: 1033d22a99be996d10eea1affa1beaf067eb29c7235ae7080e86f8da71b0ee5252b4cdf45e0553897cdeae49154c113cf7ac8ed02bc2a38de8df1b1d042d0c23
SSDEEP: 6144:9aUDG3Kp1O6VEJD6Lpzu5VGZ1xbt3oN/EqiOq762DOHXRSE8:9aUDd26VEt6pu5GbtwEqXq7pDOHw

Signatures
- Formbook payload
- Deletes itself
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext