Extracted

• • Target

    6ecc25dbd0d4672782217d771f3bd43f_JaffaCakes118

  • Size

    444KB

  • MD5

    6ecc25dbd0d4672782217d771f3bd43f

  • SHA1

    9c1a9b2cc48e6cbc5add4d1d76b504775b7ce32a

  • SHA256

    a2d6cefebcdea60438aa6f581765bbae413499d8dad610045a24aecf8000904f

  • SHA512

    e79f1cb1f3f4c6e3b4a5608e1557d374a54cee7af7cd8284ffa7106adbad355c7c9b0027b5946faa3e7dfbf54b14a15d33a90bafef46f8fa7de606560b08034e

  • SSDEEP

    6144:/O40SwTgRnh+vWvYxQ75F/SdbGx2Mu72QEeqamy8EGDYgAsSmk7sVbO:240SwERzv775EJGhu72QEBamyH0Smk73

  Score

  10^/10

  formbookjw8ratspywarestealertrojan

  • Contains code to disable Windows Defender

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook payload

    rat

  • Suspicious use of SetThreadContext

  behavioral1behavioral2