General

Target: JaffaCakes118_7db35f373ff7a17469cf0e111a7ca2bc76bb172afe87d69e7ccfae173e7f6701
Size: 764KB
Sample: 241222-xcr97swlbr
MD5: 94fb3c23dc1b3e626e2422ec0c72fffa
SHA1: fe1ae95bcad3d64c953debf5f577f8706d96ce6d
SHA256: 7db35f373ff7a17469cf0e111a7ca2bc76bb172afe87d69e7ccfae173e7f6701
SHA512: 2ffb84288834599e6eaf5b2019391220ea5aea00cc06053c0277094657c63d9d122be08b52b6f5e3f3f43e401348905aa560a3071ba29ee60dd98a28a1be3aba
SSDEEP: 12288:Squ4acuJI8ew9N3diIwVzt8PvQqvfdcENLCrT8+90KP9hKhAO7dUBH/472nnqgt9:Ssa6Pwn3diIwVzt8FdPCf8g0KJGdQu2l

Static task: static1
Behavioral task: behavioral1
Sample: Copia de transferencia bancaria.exe
Resource: win7-20240729-en
Malware Config

Extracted
Family: formbook
Version: 4.1
Campaign ID: de19
C2 domain list:
predictivemedicine.life
coloringforthepeople.com
project154.com
usmmexchange.com
bootzxon.com
chaoge730.com
thenaci.com
moviestarplent.com
musicallyengaged.com
sneakerspark.net
yudist.com
apqrcx.xyz
traceless.tel
guardlanavionics.com
usadogrights.com
openei.club
aventusluxury.com
telewebin.com
godrej-threeparks.net
solbysol.com
tarahomesolutions.com
riaairlines.com
berrygooddesigns.com
assistance-bouygues-telecom.com
s4hbgroupds.com
lago-vista-ata-martial-arts.com
icishopping.com
itkonsult.online
knightsbridgecdd.com
wrightstowntigers.com
gzxsb.com
teenanxiety.co
shanepisko.com
fftblogs.com
br-cleaning.plus
miami1688.cool
necomw.com
americanfreightsystemsinc.com
veirdmusic.com
brandnicer.com
ones77motiving.com
stephensthebakers.com
thaicomfortfood.com
mooreandsonsak.net
19838888.com
hay-yusspd-osaka-japan.life
junaidsubhani.tech
cadengineer.co.uk
camaratechsevilla.com
scholarsinfoguide.com
listcord.net
bossyoushu.com
robertkslaughter.xyz
locallywhitstable.co.uk
rsbtileinc.com
eviexo.com
lung-cancer-treatment-43816.com
lizandpeter.com
iberiahomes.institute
buyeber.net
hanarsedivy.com
fielsp.online
kuav7.com
1classlawncare.com
lanyuelou.com

Note: a Formbook 4.1 config carries a long list of domains of which only one is the live C2 at any time; the others are decoys that the implant also sends traffic to so the real server is harder to pick out. Treat these entries as a watchlist to corroborate against observed network activity, not as confirmed C2 infrastructure, and expect legitimate sites among them.
Targets

Target: Copia de transferencia bancaria.exe
Size: 971KB
MD5: 8ee464229bdaac78e1354a7ff334af85
SHA1: a566511090198f92b82e07c1675b256f6c91e923
SHA256: 8095979c4153bbcced38a6ee12589fbb67f356535a91cf22e26413ee3f1c4e34
SHA512: 836274df2b83188718400c22b71becbf445d2f128cdfbc342cb62cb3655cc70441a638705911c449f500748e7be13082a11ac4d261a03e9c805cdf10e3e1ab87
SSDEEP: 12288:Ntcg0r9tDZddpnLnv2hVSKRytHxnrceHMcrIaPy1FTAUI4kSxv1/:Nt893hSh0K0pxVIaPy1FW41
Formbook family

Formbook payload

Command and Scripting Interpreter: PowerShell (T1059.001)
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes (Impair Defenses: Disable or Modify Tools, T1562.001).

Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence so the payload only runs (or refuses to run) in particular countries.

Suspicious use of SetThreadContext
Overwriting another thread's context, usually after starting a process suspended and writing into it, is the hand-off step of process hollowing and related injection techniques (Process Injection, T1055).
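Detection logic for the two host-side behaviours listed above (PowerShell adding Defender exclusions, and the country-code registry lookup), as an added example that is not part of the sandbox report and not code from any vendor. It runs over constructed telemetry records; the record layout ("source"/"text"), the registry path HKCU\Control Panel\International\Geo\Nation as the value the signature refers to, and the sample records themselves are this example's assumptions.

```python
"""Detection pass for the two host-side behaviours listed above.

Added example, not code from the sandbox report or from any vendor: it scans
constructed telemetry records for (1) PowerShell adding Windows Defender
exclusions, including the -EncodedCommand form, and (2) reads of the registry
value holding the configured country. The record layout ("source"/"text"),
the registry path and the sample records are this example's assumptions.
"""
import base64
import re

# Add-MpPreference / Set-MpPreference with any of the three exclusion parameters.
# Case-insensitive because PowerShell cmdlets and parameters are.
EXCLUSION_RE = re.compile(
    r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Extension|Process)\b",
    re.IGNORECASE | re.DOTALL,
)

# powershell.exe accepts any unambiguous prefix of -EncodedCommand; the payload
# is base64 of a UTF-16LE script, so plain-text matching alone misses it.
ENCODED_RE = re.compile(
    r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})",
    re.IGNORECASE,
)

# Assumption: the per-user GeoID value under HKCU "Control Panel\International".
GEO_KEY_SUFFIX = r"\control panel\international\geo\nation"


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand script, or None if there is none."""
    m = ENCODED_RE.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except ValueError:  # malformed base64 or not UTF-16LE
        return None


def find_defender_exclusion(text):
    """Return the matching exclusion clause from a script or command line."""
    decoded = decode_encoded_command(text)
    if decoded:
        text = text + "\n" + decoded
    m = EXCLUSION_RE.search(text)
    return m.group(0) if m else None


def is_geo_lookup(registry_path):
    """True when a registry read targets the configured-country value."""
    return registry_path.replace("/", "\\").lower().endswith(GEO_KEY_SUFFIX)


def scan(records):
    """Return (index, tag, evidence) for every record that matches."""
    findings = []
    for i, rec in enumerate(records):
        if rec["source"] in ("powershell", "process"):
            hit = find_defender_exclusion(rec["text"])
            if hit:
                findings.append((i, "defender_exclusion", hit))
        elif rec["source"] == "registry" and is_geo_lookup(rec["text"]):
            findings.append((i, "geo_lookup", rec["text"]))
    return findings


# Constructed sample telemetry (not from the report). Record 2 carries an
# encoded command so the decode path is exercised.
ENCODED = base64.b64encode(
    "Set-MpPreference -ExclusionProcess 'Copia de transferencia bancaria.exe'"
    .encode("utf-16-le")
).decode("ascii")

SAMPLE_RECORDS = [
    {"source": "process", "text": 'powershell.exe -NoProfile -Command "Get-Date"'},
    {"source": "powershell",
     "text": "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' -ExclusionExtension '.exe'"},
    {"source": "process", "text": "powershell.exe -w hidden -e " + ENCODED},
    {"source": "registry", "text": r"HKU\S-1-5-21-1000\Control Panel\International\Geo\Nation"},
    {"source": "registry", "text": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
]

if __name__ == "__main__":
    for idx, tag, evidence in scan(SAMPLE_RECORDS):
        print(f"record {idx}: {tag}: {evidence}")
```

Add-MpPreference is also used legitimately by administrators and deployment tooling, so pair a match with process ancestry (here, PowerShell spawned by a user-launched executable) before acting on it. On a live host the resulting state can be checked with `Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess`.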