General
Target: d53e454c17cc05a904a02b2a7eb5bbf7_JaffaCakes118
Size: 1.1MB
Sample: 241208-e4tm8sspfy
MD5: d53e454c17cc05a904a02b2a7eb5bbf7
SHA1: 31f87dcf550cfcb5eb5c73ad41b8283814601f3d
SHA256: 1f8c4b0bdfb68f353324fff65e4c97104d65d1f7f1bdf2202781c0a6a9dd3137
SHA512: 8027da02c697fba0982ada7974820a15a6f799c3a7c7ba1e9043ede6245d0fdff5ff05485d07aafa3fd5328bc8f42b3af5cf0291144dc3587a6f64d2bd34f3c8
SSDEEP: 12288:uA+DvEEZK/ISbmudUQxVseqBaHoQHyB1n0j9NOsKYNuzL0JWMA6mOKItpKsi5R:gYEZ+IS1t7s1QSn0jfPNuyjA6mV
Static task: static1
Behavioral task: behavioral1
Sample: d53e454c17cc05a904a02b2a7eb5bbf7_JaffaCakes118.exe
Resource: win7-20241023-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign ID: iesm (in Formbook builds this short token is reused as the URI path of the C2 beacon, i.e. requests to /iesm/)
C2 domains (65 entries; Formbook 4.x embeds 64 decoy domains plus one live C2, and the decoys are frequently legitimate sites, so treat the list as a hunting set rather than as 65 attacker-controlled hosts):
terracounselling.com
gmartindiastores.com
themekinhdoanh.com
chemluan.com
volvordposts.com
poyef.com
flyraven.com
tulord.com
landoflostarchitects.com
jdemong.com
tiendadecabello.online
adjimmobiliere.com
ssga-sia.com
senegalo-britanique.com
simplyhealthcareplsns.com
danishbay.com
melanieandisrael.com
idgrafo.com
forex160.com
ekohectaresandvilla.com
buyyoursuzuki.com
somersetfairfield.com
schekerland.com
paye-me.com
b5533.com
tentsourceusa.com
thefordcapri.com
carolynluttrell.com
autoselections.com
rentmyflowersplus.com
milayapi.net
1fitinc.com
ck-gran.site
kiananthony.com
golpasz.com
challengeakseptedyogee.xyz
changfu888.com
cngj815.com
futoga.com
montereycannabisclub.com
app-disc-mobile.com
liconadesigns.com
funsolitaireking.com
classicyachtspoom.com
msrawyh.com
mangounicorn.com
tyigh.com
ijiayong.com
skill2020.net
tubekittysex.net
kootermgt.com
visionsofhomedesign.com
pinkdogink.com
resmipkv.com
gabiortiz2023.com
eaforexbank.space
zyzxcn.com
sweetlystudio.com
panigrohon.com
jmbcfmoto.com
juxrams.info
kia.expert
obigkart.com
touchpaddles.com
htmlemailrepair.com
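The extracted configuration can be turned directly into hunting logic. The following Python is an added example written for this page, not code from the sandbox, from Triage's extractor or from the malware authors. It assumes a constructed proxy-log format (timestamp, client, method, URL, status), uses only a handful of the 65 domains listed above, and relies on two Formbook conventions: the campaign token appears as the URI path of the beacon, and the malware prepends `www.` to each configured domain when it connects.

```python
"""Hunt for Formbook C2 traffic using the extracted config.  Added example;
the proxy-log format below is constructed for illustration."""
import re
from urllib.parse import urlsplit

# Copied from the extracted config above; only a subset of the 65 domains is
# embedded here to keep the example short.  Feed the full list in practice.
CAMPAIGN_ID = "iesm"
C2_DOMAINS = [
    "terracounselling.com", "gmartindiastores.com", "themekinhdoanh.com",
    "chemluan.com", "volvordposts.com", "poyef.com", "flyraven.com",
    "kia.expert", "obigkart.com", "touchpaddles.com", "htmlemailrepair.com",
]


def normalize_host(host):
    """Lower-case, drop a trailing dot and the leading 'www.' that Formbook
    prepends to every configured domain when it beacons."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def config_summary(domains):
    """Formbook 4.x configs carry 64 decoy domains plus one live C2 (65 total);
    any other count means the extractor missed entries or the build deviates."""
    uniq = {normalize_host(d) for d in domains}
    return {"count": len(uniq), "matches_64_plus_1": len(uniq) == 65}


def classify_url(url, domains=C2_DOMAINS, campaign=CAMPAIGN_ID):
    """Return 'c2-beacon', 'config-domain', 'campaign-path' or None.

    Domain + campaign path together are the beacon shape; a domain hit alone
    may be a decoy (or legitimate browsing), a path hit alone is weak."""
    parts = urlsplit(url)
    host = normalize_host(parts.hostname or "")
    configured = {normalize_host(d) for d in domains}
    domain_hit = host in configured or any(
        host.endswith("." + d) for d in configured)
    path_hit = re.fullmatch(rf"/{re.escape(campaign)}/?", parts.path) is not None
    if domain_hit and path_hit:
        return "c2-beacon"
    if domain_hit:
        return "config-domain"
    if path_hit:
        return "campaign-path"
    return None


# Constructed log format: "<ts> <client> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def scan_proxy_log(text):
    """Run classify_url over each parsable log line and return the hits."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        verdict = classify_url(m["url"])
        if verdict:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "url": m["url"], "verdict": verdict})
    return hits


# Constructed sample log lines; the query-string values are made up.
SAMPLE_LOG = """\
2024-12-08T10:01:02Z 10.0.0.5 GET http://www.poyef.com/iesm/?ab=Q29uc3RydWN0ZWQ&Kd=X1VjDGuIVb 200
2024-12-08T10:01:09Z 10.0.0.5 POST http://www.poyef.com/iesm/ 200
2024-12-08T10:02:00Z 10.0.0.7 GET http://kia.expert/ 200
2024-12-08T10:02:30Z 10.0.0.9 GET http://example.com/iesm/ 404
2024-12-08T10:03:00Z 10.0.0.5 GET http://cdn.poyef.com/static/app.js 200
2024-12-08T10:03:30Z 10.0.0.5 GET http://example.org/ 200
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit["ts"], hit["client"], hit["verdict"], hit["url"])
```

Only the `c2-beacon` verdict is strong enough to act on by itself; a `config-domain` hit on its own is exactly what a decoy is designed to produce, so it should raise a hunt on the client rather than an alert on the destination.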
Targets
Target: d53e454c17cc05a904a02b2a7eb5bbf7_JaffaCakes118
Size: 1.1MB
MD5: d53e454c17cc05a904a02b2a7eb5bbf7
SHA1: 31f87dcf550cfcb5eb5c73ad41b8283814601f3d
SHA256: 1f8c4b0bdfb68f353324fff65e4c97104d65d1f7f1bdf2202781c0a6a9dd3137
SHA512: 8027da02c697fba0982ada7974820a15a6f799c3a7c7ba1e9043ede6245d0fdff5ff05485d07aafa3fd5328bc8f42b3af5cf0291144dc3587a6f64d2bd34f3c8
SSDEEP: 12288:uA+DvEEZK/ISbmudUQxVseqBaHoQHyB1n0j9NOsKYNuzL0JWMA6mOKItpKsi5R:gYEZ+IS1t7s1QSn0jfPNuyjA6mV
Signatures
- Formbook family
- Formbook payload
- Looks for VirtualBox Guest Additions in registry
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Looks for VMware Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
  Redirecting a thread's context is the classic step in process hollowing and thread hijacking, where a payload is written into a suspended process and its entry point is changed before the thread resumes.
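The signatures above describe behaviour as the sandbox observed it. The following Python is an added example, not Triage's signature code, that expresses the same checks as detection logic over constructed EDR-style telemetry records. The record schema (`process`, `kind`, `target`, `cmdline`), the spawned command lines and the event ordering are assumptions made for the example; the registry paths are the standard locations for VirtualBox Guest Additions, VMware Tools, the BIOS strings, the disk enumeration list and the configured country (`Geo\Nation`), and the PowerShell check covers both plain and `-EncodedCommand` invocations of `Add-MpPreference`/`Set-MpPreference`.

```python
"""Detection logic for the sandbox signatures above, run over constructed
EDR-style telemetry.  Added example; the record schema is an assumption."""
import base64
import binascii
import re

# Registry locations behind the anti-analysis signatures (case-insensitive
# prefix match on the queried key or value path).
ANTI_ANALYSIS_KEYS = {
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions": "vbox_guest_additions",
    r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools": "vmware_tools",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": "bios_info",
    r"HKLM\HARDWARE\DESCRIPTION\System": "bios_info",   # SystemBiosVersion etc.
    r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum": "drive_enum",
    r"HKCU\Control Panel\International\Geo": "geo_nation",  # Nation = country
}
MPPREF_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.I)
EXCLUSION_RE = re.compile(r"-Exclusion(Path|Extension|Process)\b", re.I)
# Heuristic: an -e... switch followed by a long base64 run is -EncodedCommand.
ENCODED_RE = re.compile(r"(?:^|\s)-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)
POWERSHELL = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}


def registry_tag(target):
    """Map a queried key/value path to a signature tag, longest prefix first."""
    t = target.lower()
    for key, tag in sorted(ANTI_ANALYSIS_KEYS.items(), key=lambda kv: -len(kv[0])):
        k = key.lower()
        if t == k or t.startswith(k + "\\"):
            return tag
    return None


def decode_encoded_command(cmdline):
    """Return the UTF-16LE payload of an -EncodedCommand switch, or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def powershell_tags(cmdline):
    """Tags for a PowerShell command line that changes Defender exclusions."""
    tokens = cmdline.split()
    if not tokens:
        return set()
    image = tokens[0].strip('"').rsplit("\\", 1)[-1].lower()
    if image not in POWERSHELL:
        return set()
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else cmdline + "\n" + decoded
    if not MPPREF_RE.search(text):
        return set()
    kinds = {k.lower() for k in EXCLUSION_RE.findall(text)}
    return {f"defender_exclusion:{k}" for k in kinds} or {"defender_mppreference"}


def summarize(events):
    """Collect signature tags per process from reg_query / process_create records."""
    out = {}
    for ev in events:
        if ev["kind"] == "reg_query":
            tags = {registry_tag(ev["target"])} - {None}
        elif ev["kind"] == "process_create":
            tags = powershell_tags(ev["cmdline"])
        else:
            tags = set()
        if tags:
            out.setdefault(ev["process"], set()).update(tags)
    return out


# Constructed telemetry.  The sample name is the report's; the command lines,
# the value names queried and the explorer.exe record are made up.
SAMPLE = "d53e454c17cc05a904a02b2a7eb5bbf7_JaffaCakes118.exe"
ENCODED_CMD = base64.b64encode(
    'Add-MpPreference -ExclusionExtension ".exe"'.encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    {"process": SAMPLE, "kind": "reg_query",
     "target": r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions"},
    {"process": SAMPLE, "kind": "reg_query",
     "target": r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools\InstallPath"},
    {"process": SAMPLE, "kind": "reg_query",
     "target": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"process": SAMPLE, "kind": "reg_query",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"process": SAMPLE, "kind": "reg_query",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"},
    {"process": SAMPLE, "kind": "process_create",
     "cmdline": 'powershell.exe -nop -w hidden Add-MpPreference '
                '-ExclusionPath "C:\\Users\\Public" -ExclusionProcess "sample.exe"'},
    {"process": SAMPLE, "kind": "process_create",
     "cmdline": "powershell.exe -enc " + ENCODED_CMD},
    {"process": "explorer.exe", "kind": "reg_query",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for proc, tags in summarize(SAMPLE_EVENTS).items():
        print(proc, sorted(tags))
```

Registry reads are not logged by Sysmon (its registry events cover create, set and rename), so the `reg_query` records assume an EDR or kernel tracing source; the PowerShell half of the check, by contrast, works from ordinary process-creation command lines and is the part most environments can deploy today.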