Behavioral task
behavioral1
Sample
JaffaCakes118_180a970240355483df0d96234e463d6fd8e61ddaf6b61b2a2256f3ff5eb42575.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_180a970240355483df0d96234e463d6fd8e61ddaf6b61b2a2256f3ff5eb42575.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_180a970240355483df0d96234e463d6fd8e61ddaf6b61b2a2256f3ff5eb42575
-
Size
188KB
-
MD5
da0307aa068c16b658b555f40f65ff92
-
SHA1
366d2e4795a49dee79f3ac4d53ab403627b0db60
-
SHA256
180a970240355483df0d96234e463d6fd8e61ddaf6b61b2a2256f3ff5eb42575
-
SHA512
1f4cd5c49eab9b7738aa69ab74364ceae2bec64a53586f22c3ba2caa77c5bcb4bbf4e7063cf02e27e0394b392f86589b9f4b622a8c4776e38082a978d5be2775
-
SSDEEP
3072:E4GLzrH1x9gGiEhTJWaq4//CbmPy6siyyOf4RKTPY5Y8Dciv8/:EDaehTHnImK7iyyOf4cTw5PLvK
Malware Config
Extracted
formbook
8ch8
poricityhotel.com
Signatures
-
Formbook family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_180a970240355483df0d96234e463d6fd8e61ddaf6b61b2a2256f3ff5eb42575
Files
-
JaffaCakes118_180a970240355483df0d96234e463d6fd8e61ddaf6b61b2a2256f3ff5eb42575.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ