General
-
Target
JaffaCakes118_530510ea2c39f0e2984eb108dd91b31fa861718d9d875aaf353f6574aa433647
-
Size
374KB
-
Sample
241223-rc7f8s1qel
-
MD5
17d0c744f89393ac5911f70e9144a63c
-
SHA1
297a571a32bedd89ef3071457697b29b434fde9c
-
SHA256
530510ea2c39f0e2984eb108dd91b31fa861718d9d875aaf353f6574aa433647
-
SHA512
bc5fc43b51f554d26acc40043ea10d21f57b03f4d76435be93b43b8b5b084fe1cf018c5b2f9c5e5ef5e90936413d833b696108fd69324aabf897c3b49f931771
-
SSDEEP
6144:TZoyY9VwHhoJachMTKyOg4lrUupHy7456Kh6+/LPf81CD5tzKyer6IBMX:909OBoEcMKyOxIupgg6QDkg7LyXY
Static task
static1
Behavioral task
behavioral1
Sample
8df5da115c8287798fe9d01446bcad9e56020c15328257b305503f77ce1b8dd9.exe
Resource
win7-20240729-en
Malware Config
Extracted
formbook
ah5g
wReSyw0+RXB9dOy3kw==
Mje7ZN4AqSDHqWC1
5l8DIF3lJCgYq1grAXaPXqfyVHnB
2yzJ2v0xCurT2fvWrRcjCzblO9c=
GA0puQ1MMi53/hai
HcK10MEkj/my0vq6
/eYRSqPBgN5mIFYdwhhNPx4qKcA=
QrJjn3pVSWJS6475YqG+m+dcqQpGhro=
/PIhV6hz2lTnpEqs
IfnU8x2W9a3nm8s=
oyfXKKI/e2Z1pbd5V/qLNnOhqQ==
CAUhKPVikYla3ZNZPMVP3EUxEzuktfKD8A==
7CHCZd4BqyDHqWC1
3zzpmQsz8GTjBrKZIldeuv0=
gv+8bdOi/XLc9Jgmzak1
DHUSvjFMIJpgmNCkn4lab6dr
YLszW53Yz3/NTUVOuww=
PNN6m5J7Uoodo1bFQrPcNnOhqQ==
E5pVg8MGG+NEbQNOH+WLNnOhqQ==
GO/g98tDkI6CdOy3kw==
ge+f0BViRXU7231FMNU9
57MmvSRN/HvyuWY2UJETgQ==
uycZsBVXMR0bw3lBUJETgQ==
xEtq8lHwGgL3mTqqHJR3j/U=
CP9SAW2xtdeqH70pvVPpirP4IEsJPg==
S6pzixCh1H54JQ==
AddD3Sg9EIbqZ11itwI=
RUmtov7HVo7HqWC1
8a4HPZryASkd0O7DI0ZgOzblO9c=
h7/fEVIHKW0Bpc8=
Qz/hXqO2du9UZgjJDPKbMIf+daPY
fAtC9D3MawqFQ9tLwitMbpUDOs8=
5a+ZoHznRw0Nr8U=
1vMXKfdhkopd04JAUJETgQ==
sIn4Lhb7Ag0ipdI=
dNZ4lhyj1H54JQ==
OK6lt5HqbR3HqWC1
Pje83RxfQkJP8obWJJR3j/U=
/MYzzNMwm9nEdx+FUJETgQ==
h0/DWKNR2ZLt5kXVuKA3
f1fCYaKPRQ0Nr8U=
nWfPbdqhBIobRt40FfOSG33+daPY
1B/A9UDT/4veMIf5CR4=
QReBIIhvyNSvVT1n7Rs=
In7xCOHtxVm7w4hp6R04IYRHkzCktfKD8A==
2qvEBOBj1H54JQ==
JX4fYjsv9XLcWz1n7Rs=
+uu36djWh/1hxJxoP9U9
aK+7zKUjwgDrok62L4yNWoevDgVoNg==
BpK7UKzt/NE4rl76ImtzhA==
QB8+cJQGIugd
3GyLFGe11H54JQ==
hIq59E1tMK77C7ctUJETgQ==
sQuCxQ2yt/Daaz1n7Rs=
yEdB5iig1s6uVj1n7Rs=
WkK1SJ6yaw0ipdI=
EiVJaa1440/AUD1n7Rs=
LpQTQHq51H54JQ==
Jo8yb1VKU4Bh2XTIIZR3j/U=
es9nDoOkUg0Nr8U=
Fr/rBdJKlYprBsKhhBOUNnOhqQ==
mRu7yKWJlFncfieFUJETgQ==
I/ENRaN0AbEWGbV0aLXi9FWAoQ==
wAOjWJmYae13RXE0B8g9
jguathink.com
Targets
-
-
Target
8df5da115c8287798fe9d01446bcad9e56020c15328257b305503f77ce1b8dd9
-
Size
458KB
-
MD5
b9d18f0b735dea8d38a0b7cc9db54546
-
SHA1
46b618a3134e02b343536c3c35fb44c64d1150c4
-
SHA256
8df5da115c8287798fe9d01446bcad9e56020c15328257b305503f77ce1b8dd9
-
SHA512
ac92fbe7548d7eb60bc2232497ce08fbea5eed4d5a6ac488ff8a89d7d80b51392dec8012d935b81536bf31d36a521302405a85a34c3c908111f67ce4839a832e
-
SSDEEP
6144:ZxlZd712A3TemiYjAKD+DrL/f01XcnNRHolwNADBuHzo1N8L:Hl7oE7iCAc+/L/cZPlgSBuTo1
-
Formbook family
-
Xloader family
-
Xloader payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-