General
Target: JaffaCakes118_5fca809996d591928d049265b97cf7a05a96a24eacb8c8d1d7b20b4d36dd4dd9
Size: 981KB
Sample: 241230-x2z2cavlbr
MD5: f8ee97d6ef9988decebc88cca60fd7c2
SHA1: e3fc3eff2985d1829cc5645e0021f1e4080ed2de
SHA256: 5fca809996d591928d049265b97cf7a05a96a24eacb8c8d1d7b20b4d36dd4dd9
SHA512: 3a28300d96b38ec5392af4a2ea85bc28966f8efd7864a9349fcfc9ae887995d8a977b845737d96d50451cdf5974e3d50f55b987dc00069e64c4b31a48e4eecc0
SSDEEP: 24576:R+IgkRZch57HZIS4tZXtN7NVb3Cgd56Dhs66w6P8XQYRZWHXD:R+IgCZcfjJEBtoPW3mZW3D
Static task: static1
Behavioral task: behavioral1
Sample: PO 211208-0211A.exe
Resource: win7-20241010-en
Malware Config
Extracted
formbook
4.1
kz21
Targets
Target: PO 211208-0211A.exe
Size: 1.0MB
MD5: 4932a1d01ae69c90fa06963bfb368884
SHA1: 8ffbda9ba7d5d81ca7ca3714ef84f272181192cd
SHA256: 55d83cadb3eaa23b65912739a821a03a28186b5759528e1038a46c113db28614
SHA512: 22d5b1470939ff871eefd1be57837af61beb5a9e59a6b5b156fb8067de377430b4419d90f593a72d6faffb4c9d09adf8081623f97cd7af8f5fe1a27173e87cf3
SSDEEP: 24576:X3ddXRqVJYmmjuIgAUIMN3AkbNjegVn67zK86/hgI:7zuTge3z560mu8CeI
Formbook family
Formbook payload
Deletes itself
Suspicious use of SetThreadContext