Behavioral task
behavioral1
Sample
JaffaCakes118_c466d9a12e1ed5d9e3bb8062527775a1cc3b69596b4552c405a1d93870cc075e.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
JaffaCakes118_c466d9a12e1ed5d9e3bb8062527775a1cc3b69596b4552c405a1d93870cc075e.exe
Resource
win10v2004-20241007-en
General
Target: JaffaCakes118_c466d9a12e1ed5d9e3bb8062527775a1cc3b69596b4552c405a1d93870cc075e
Size: 188KB
MD5: 0de86a2e5ed152bdc07532f8f409727b
SHA1: 575cbaaf5d680037a4116e8fa759a0429445cf23
SHA256: c466d9a12e1ed5d9e3bb8062527775a1cc3b69596b4552c405a1d93870cc075e
SHA512: 0381ada315fe2e15a36ec7c6b43922e9b396b88f75f7f13eb57d1eda10baac21ddf21f00cdda6da74bb57f248e729eb56bc13213a552fda382f9e15fdbfe0c4d
SSDEEP: 3072:dzs49sSRrwmpaBTqJW6sE4VHT6845/fwBziLPoYEXwlYxpqJK/:dE+c6Yqfsru8U/o1EPoYmwlYZ
Malware Config
Extracted
formbook
figc
artglass.shop
Signatures
Formbook family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_c466d9a12e1ed5d9e3bb8062527775a1cc3b69596b4552c405a1d93870cc075e
Files
JaffaCakes118_c466d9a12e1ed5d9e3bb8062527775a1cc3b69596b4552c405a1d93870cc075e.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ