General
- Target: da1e2b1e058691ca583201401aeb7347_JaffaCakes118
- Size: 926KB
- Sample: 241209-r1zras1kgt
- MD5: da1e2b1e058691ca583201401aeb7347
- SHA1: 50d4655dc22914393bd2b0aeb1855748d3f541dd
- SHA256: 03e5bebad534a6061452af4f7b266bf214e8ad97f6d51d683378360f1351da30
- SHA512: c6e5d1e1a297ce52c6aed0c3f5fdd85440a283718668bd7e7d1240a0c05dcb6c3169af93a6510823948dd3263a4be81ea539a59a4bb0f84ad2eb8b6bcdc668fd
- SSDEEP: 12288:l95TtEG4QkBZAVmMxrw9XybwhdkbXt0KzxALmhfg564V5H4nnUgmEy/7+WpDoYKD:lGJvMxrwrcXt01t
- Static task: static1
- Behavioral task: behavioral1
- Sample: da1e2b1e058691ca583201401aeb7347_JaffaCakes118.exe
- Resource: win7-20241010-en
Malware Config
Extracted
formbook
4.1
e7hf
Targets
- Formbook family
- Formbook payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext