General
-
Target
3d76b5c0f9611f01f44c3a74e1aebe69_JaffaCakes118
-
Size
483KB
-
Sample
240712-p57llathrm
-
MD5
3d76b5c0f9611f01f44c3a74e1aebe69
-
SHA1
e6c2986ec30242d93d85f47d1a9922d080e00ad2
-
SHA256
720ffc99aa96c665aae27db46f776476c37ca113db207790579adfd81c73ad05
-
SHA512
5014ee087f6a4ff56edeb80405e2d4e56928495b6f351ba27805f074c330b4f130b5228d00d31bfcf75102376c98cf643958aca8b1e00acafed0ace16513c39b
-
SSDEEP
12288:UFda+Fda+EMYLysUN8dR6q5T2ComsZ4UyDZ0dOaAf:UEMkrdRLdho1aJd
Static task
static1
Behavioral task
behavioral1
Sample
3d76b5c0f9611f01f44c3a74e1aebe69_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Extracted
formbook
4.1
bf3
ecatcom.com
what3emoji.com
primbathandbody.com
yt-itclub.com
newbieeer.com
getyoursofa.com
mexicanitems.info
catalogcardgames.net
leagueofwomengolfers.com
gvanmp.com
midnightsunhi.com
cnluma.com
sunsetcherrydesigns.com
cosmoproturkey.com
inifinityapps.net
making50masks.com
battalionice.com
uk-calculation.net
frosteatlove.com
bs-mag.com
cuisd.life
searchlx.com
treycorbies.com
excellencepi.com
4week-keto-results.com
rotationdietplan.com
chinahousecoralville.com
xidao168.com
detuimelaar.com
fairschedulinglaws.com
jinnolouie.com
expresslacross.com
akealuminum.com
madebazar.com
phimixx.com
jel-tv365.com
shakahats.com
thabaddieztrap.net
petsglorious.com
misuperblog.com
scorebuddycx.com
sgbsmb.com
coolbeanstudios.com
khitthihonvidai.com
myattorneychoicesyoufind.info
thenewsdig.com
freeuikit.net
everydaycollars.com
carrerco.com
reviewdrkofford.com
dragonflyroad.com
quinple.com
kollektiv.agency
cimbank.info
productoshealthyandfun.com
dovecuwnebawe.com
saihohealth.com
thehostingroad.com
tadalafil.website
whereiswillgroup.com
ukchealth.com
alaskanoddgoods.com
praktik-stuff.online
gaiactg.com
unitedfootballcamps.com
Targets
-
-
Target
3d76b5c0f9611f01f44c3a74e1aebe69_JaffaCakes118
-
Size
483KB
-
MD5
3d76b5c0f9611f01f44c3a74e1aebe69
-
SHA1
e6c2986ec30242d93d85f47d1a9922d080e00ad2
-
SHA256
720ffc99aa96c665aae27db46f776476c37ca113db207790579adfd81c73ad05
-
SHA512
5014ee087f6a4ff56edeb80405e2d4e56928495b6f351ba27805f074c330b4f130b5228d00d31bfcf75102376c98cf643958aca8b1e00acafed0ace16513c39b
-
SSDEEP
12288:UFda+Fda+EMYLysUN8dR6q5T2ComsZ4UyDZ0dOaAf:UEMkrdRLdho1aJd
-
Beds Protector Packer
Detects Beds Protector packer used to load .NET malware.
-
Formbook payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-