General

  • Target

    JaffaCakes118_29c72a677300d6d3c9c3809325f2a22fed8a6a93659561ae7b91c1f813a31f6e

  • Size

    188KB

  • MD5

    0316b3debd5ea526e780467796ac3afa

  • SHA1

    bbd31dadacff532d7cb41ee9a09c50b528d4c931

  • SHA256

    29c72a677300d6d3c9c3809325f2a22fed8a6a93659561ae7b91c1f813a31f6e

  • SHA512

    c5e54c02a17ae8f3ae080373bc0679c260d9d7e160afb138f8324dfeeeee7d4245b9b2b549b781bdf5e61d41a6a41060c4b8b7cf2c50bc493ccc7a3892b9a646

  • SSDEEP

    3072:nOcEhLb6zcSx53VeSPPKFKSh2QdOjPayFHIAeLyLZRRgdly1:W6lVN3KF7h2QIjPayVp9RRSly

Score
10/10

Malware Config

Extracted

Family: formbook

Version: 4.1

Campaign: s1y5

Decoy


Signatures

  • Formbook family
  • Formbook payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_29c72a677300d6d3c9c3809325f2a22fed8a6a93659561ae7b91c1f813a31f6e
    .exe windows:5 windows x86 arch:x86

