General

  • Target

    JaffaCakes118_881325e471996f26089a8772ce3530b4e2c1e53ded4e501e5f21ac7ed42aa39d

  • Size

    188KB

  • MD5

    ec8e7e1ef2d84f44d0a0f1c3903b0cbc

  • SHA1

    8c0ab2d23e71183688a22d2fbeea7947594e6782

  • SHA256

    881325e471996f26089a8772ce3530b4e2c1e53ded4e501e5f21ac7ed42aa39d

  • SHA512

    ede97fa1ae7b31aaf074286612f6e5e6b5a41527490edf06233df5b747287b4f24bbe43650e715adfe57ff55f33688475a13f4734111b56dff8634e5ef8ae8f0

  • SSDEEP

    3072:m7PuEHO3Sto653YHYC2xKZ9Vxwt2WktoqRp6qmAQAMCrp:Um8lY4LKZ9VxwVktoqrlmAiCrp

Score
10/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n62s

Decoy

Signatures

  • Formbook family
  • Formbook payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_881325e471996f26089a8772ce3530b4e2c1e53ded4e501e5f21ac7ed42aa39d
    .exe windows:5 windows x86 arch:x86

