General
Target: JaffaCakes118_1c3220824e17fa275784c1839823e1ad
Size: 672KB
Sample: 250704-p3e4kafp7w
MD5: 1c3220824e17fa275784c1839823e1ad
SHA1: 0dceac5a47b45e6907175895f01b3bc63209e5c9
SHA256: 209c5487fe6b505359d61e4c19ef2c85c4826aeea2c9700b4670190c653abbeb
SHA512: 4029cefb34a2624cc438ad9323a28077115ff018bcc5a40793030f3c2cfd5508c499c2037f5262e0e62f8a614d8c37cdfdd8b3b66d87aeb1355174ef0333add5
SSDEEP: 12288:k3+/K5LS77gb905+Iu71neklB2m+ScdKgyqlR4J0AunXN:k3+gxwMe0BtSYOR47c
Static task: static1
Malware Config
Extracted: formbook (3.9, fr)
Targets
Formbook family
Formbook payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext