General

  • Target

    JaffaCakes118_b54468d6c1d72344b2cb497cc6acf8675ca43834c80953f01aa4e258b3c3a7f8

  • Size

    188KB

  • MD5

    bf98591445192f8edea34c099ac6ebb8

  • SHA1

    731f38608a73193773768c634f5feee9bcea990f

  • SHA256

    b54468d6c1d72344b2cb497cc6acf8675ca43834c80953f01aa4e258b3c3a7f8

  • SHA512

    ae56bb4ae2201aa81e4cefbd2d403bc4b6f025c67b2b342fa73bd2749940de438485daf8e2063909f5f58f6631dcce49cd53840e8678d4ef8f9345b18b0bfcb6

  • SSDEEP

    3072:HBQLMEJFR1NLh3g+D6tB67bCNgkmWq6My/YwhApqYX4Z:grdg46X67bCN5///YlsYX

Score
10/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy2h

Decoy


Signatures

  • Formbook family
  • Formbook payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_b54468d6c1d72344b2cb497cc6acf8675ca43834c80953f01aa4e258b3c3a7f8
    .exe windows:5 windows x86 arch:x86

