General

  • Target

    JaffaCakes118_d200b9d4e0b447118fa70b515d0f29cb295479dee645c37ac35dba822c57bac8

  • Size

    188KB

  • MD5

    b9068fdce3f5dc1f90eb39f42c63124e

  • SHA1

    b60aa83bfc51dc97c522a44d7f98d9a47e90fd9f

  • SHA256

    d200b9d4e0b447118fa70b515d0f29cb295479dee645c37ac35dba822c57bac8

  • SHA512

    f79f5cfdeccb1aa51a19de8d20c4e51f8441762462b3e83cff52ecf66f7f430f82c9aac9458848a81f2f0c6b53963ecdc2d87c442047c7e2773a1f8e0fc24661

  • SSDEEP

    3072:l9atBIkLPg2jZGHX3nr7nFqp3VjzDdwUHXBFJSKuGeV278iRTzSo:C/oXnnnFqxVjmUxrSKLeVliTzS

Score
10/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ee05

Decoy

Signatures

  • Formbook family
  • Formbook payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_d200b9d4e0b447118fa70b515d0f29cb295479dee645c37ac35dba822c57bac8
    .exe windows:5 windows x86 arch:x86