Behavioral task
behavioral1
Sample
JaffaCakes118_3568536d13e201339d76f5f4567ada6ee2a045ebacb6bab60fd9b9cafdb7e327.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_3568536d13e201339d76f5f4567ada6ee2a045ebacb6bab60fd9b9cafdb7e327.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_3568536d13e201339d76f5f4567ada6ee2a045ebacb6bab60fd9b9cafdb7e327
-
Size
188KB
-
MD5
fb709fc92dfe3bd280dc9c73af06a3da
-
SHA1
d3ab3b1d31f9cecc860b90cbcaad7db5362e37bd
-
SHA256
3568536d13e201339d76f5f4567ada6ee2a045ebacb6bab60fd9b9cafdb7e327
-
SHA512
3a9782edb3ea22c85545ea438d92519004521a63a6860038ef142b4db61e8a94e1185ac78bfed87f4cc4a8a6ed597f34b3b2c0873d22b08f50a643649aed0740
-
SSDEEP
3072:XLSVI5rwd8022hTJW6Y4wz4AZ3NjWNhA/0aJF9FL/HUCmuyYD:XKrg2hTnKxZd6NhA/0afHU0
Malware Config
Extracted
formbook
fyie
lyonfinancialusa.com
Signatures
-
Formbook family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_3568536d13e201339d76f5f4567ada6ee2a045ebacb6bab60fd9b9cafdb7e327
Files
-
JaffaCakes118_3568536d13e201339d76f5f4567ada6ee2a045ebacb6bab60fd9b9cafdb7e327.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 180KB - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ