General
Target: fcdd99db01b4b8d402d201c08ef6cb0a_JaffaCakes118
Size: 266KB
Sample: 240928-wsfexaygpk
MD5: fcdd99db01b4b8d402d201c08ef6cb0a
SHA1: 7a764132fdc6dcd9cd4a8444ce81ebfc2a5b0a27
SHA256: 1cf7b621e147e98b0173bfb96d50c77cac94514fcbe4ddff291de56b168c94b4
SHA512: a330505329efe6d53e3798ec75435c35de559b83ca6be9dfb830d473364b0b1ff277bb89b97bebac7650c6b0be076a2c41736fc9e4ef188858a8432396a11a54
SSDEEP: 6144:pdIjsHb5Fzw7TvMqpaxxXzWUXGRwK+pzzb6gwVRs:8ILiajN2+p+gwU
Static task: static1
Behavioral task: behavioral1
Sample: Shipment Notification.exe
Resource: win7-20240729-en
Malware Config
Extracted family: formbook
Version: 4.1
Campaign: nm5
Targets
Target: Shipment Notification.exe
Size: 339KB
MD5: 4051f49c770d335749e6bc72f5aa9c98
SHA1: 8a88643c75588960adf3efb1d37ebfd126f25b3c
SHA256: 57970209107e8f230a66a3573e21b65ca46a5445554544948af6cdd27f144bf0
SHA512: 0b43412e7f471e6dbdb8e94a69ad03cf688b68be5f00aca87d9233833a0c808687235a2b2ccfae5a4db8c32fb7b938b9bc90cfc27829631d56ff3ea3a724b5d0
SSDEEP: 6144:AEbkSsHZgpaxPXzWUXGRSK+pzfb6g/XRis76zXn9x1MVgjYf:AW2aSjN2+pKgP49xrY
Signatures
- Formbook payload
- Deletes itself
- Suspicious use of SetThreadContext