General
-
Target
fe740e7999ea046c611b6af048228301_JaffaCakes118
-
Size
846KB
-
Sample
241219-e6nvrsykbw
-
MD5
fe740e7999ea046c611b6af048228301
-
SHA1
b11b855d1328255503fd2e3d86260293af0fef8a
-
SHA256
e53afd0b5fd432a725fce3ee514f9bf7e58b54b06c096640c0672faf7eb209b5
-
SHA512
c6eef694077d945c92dab79d1f99b349d71fa65f0a9dbece5a86f9e400e85c9c6b0ffd8d2236e4cde1ab97728762262bc6e2272a33e9f561418d3c56ce16f617
-
SSDEEP
24576:AAsnEguXVgHgteHLHyLWf6A1Ti2KIzoGsrq34MeWjc:3tFWfV4MeWj
Static task
static1
Behavioral task
behavioral1
Sample
fe740e7999ea046c611b6af048228301_JaffaCakes118.exe
Resource
win7-20241010-en
Malware Config
Extracted
formbook
4.1
qg0x
Targets
-
Formbook family
-
Formbook payload
-
Looks for VirtualBox Guest Additions in registry
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter (1)
PowerShell (1)
Scheduled Task/Job (1)
Scheduled Task (1)