General
-
Target
78f998a3e27a3a76480d4bc25cd37286_JaffaCakes118
-
Size
908KB
-
Sample
241028-lpghpawfjp
-
MD5
78f998a3e27a3a76480d4bc25cd37286
-
SHA1
07f330e5da999ce439450c5dbfa518fd5f754ed3
-
SHA256
7209a5aa4814e2f82aace6de499f4da7911c19bf06f5e12fd302806ecc2a67bd
-
SHA512
8510bd628cc871c9e05b9ecbd856557b86e6e9538105104c5ecfeba163395e7bc564f563259a96e73d88c07462329da6fa98d5878a89508e310649ed613a0d7d
-
SSDEEP
12288:OlV9bJky5TzU2ai6D3h0kaHHM7wD0Pu0sIPWfZ4OU8I3/sBIjL8DPH:OUaai6DbanhUHFrWccPH
Static task
static1
Behavioral task
behavioral1
Sample
78f998a3e27a3a76480d4bc25cd37286_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
formbook
4.1
glgd
cdcbullies.com
qidajixie.com
bgimlv.com
sunflowerhybrid.com
kemal.cloud
canadadirect.net
mickey2nd.com
fastjobssearcher.com
tiny-tobi.com
inmedixequus.com
coollifeideas.com
triadelectronicsupply.com
lambyo.com
zxyoo.com
spokanemusicmag.com
sortporn.com
deadroomnyc.com
313mail.com
hexiptv.net
stanbiccargo-express.com
hggt.net
theheilene.com
imbibetheculture.com
magnifiscentsbydarien.com
mcfarlanenterprises.com
chapsgrilletogo.com
startfortoday.com
sincamareros.com
bleacheater.com
elnurtic.com
finefoodandcooking.com
1931jones.com
buybetadeal.com
yourfavoredhairextensions.com
piaenglish.com
blockifysystems.com
atlerz.com
southernedgewaterdesigns.com
jamsole.net
wedyounow.com
gasesysoldaduras.com
st894.com
raquelbeckford.com
momdoduk.com
homeworkoutnow.com
maskintelligence.com
dahiyaa.com
dcsublease.com
fearlesslymiddleaged.com
thelittlereclaimedworkshop.com
johanarivero.com
differentlypun.life
frederickseyecare.com
sabortradicion.com
odptqfqxl.icu
socalseamlessgutters.com
rbhealthy.com
danielsdonuteria.com
cotswoldvehiclehire.com
ujenzihypermarket.com
farendofthebench.com
uniquelypotted.com
moddy.pro
soilhelp.com
happylittlexplorers.com
Targets
-
-
Target
78f998a3e27a3a76480d4bc25cd37286_JaffaCakes118
-
Size
908KB
-
MD5
78f998a3e27a3a76480d4bc25cd37286
-
SHA1
07f330e5da999ce439450c5dbfa518fd5f754ed3
-
SHA256
7209a5aa4814e2f82aace6de499f4da7911c19bf06f5e12fd302806ecc2a67bd
-
SHA512
8510bd628cc871c9e05b9ecbd856557b86e6e9538105104c5ecfeba163395e7bc564f563259a96e73d88c07462329da6fa98d5878a89508e310649ed613a0d7d
-
SSDEEP
12288:OlV9bJky5TzU2ai6D3h0kaHHM7wD0Pu0sIPWfZ4OU8I3/sBIjL8DPH:OUaai6DbanhUHFrWccPH
-
Formbook family
-
Formbook payload
-
Executes dropped EXE
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-