Overview

overview

10

Static

static

10

856e6a9ee0...22.exe

windows7-x64

1

856e6a9ee0...22.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_8fbdc5495451d5888ba07e8e2ca2103826a138df8492e71551d76477850ffed5

  • Size

    133KB

  • MD5

    74bda359b67efc41797d75a0524f89dc

  • SHA1

    ee77b8fc655286afba12aab0de3064a8442e96d1

  • SHA256

    8fbdc5495451d5888ba07e8e2ca2103826a138df8492e71551d76477850ffed5

  • SHA512

    958e167c7f6cc950dbaf87d1d1937f8c0ac27a01ad35fc8a06bd51571b58cd01668461c3b09567e8ff74c3d7d371aea471b1dfbd9250195c57ab786044678d1a

  • SSDEEP

    3072:IQuCx7xGNEbHSLzxMfts0rFHCPVaUrLs8yTXSw13R1L7Ma3XWf+V:IdOVSnxM/pCfLs83wv10a8+V

Score
10/10
ratv82formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

v82

Decoy

fasonplastikenjeksiyon.com

yallamama.com

konsico.net

rahalahrgypt.com

bamboopages.com

rossdailey.com

bqgjgj.space

libertystalehouse.com

ondiscoverybox.net

karinheeling.com

spankmouth.com

yehbro.com

constmotion.com

propertysrv.net

smart-aligner.com

ibuybeerhandles.com

vertelog.com

xn--299ayyg42f.com

lordogtelluride.com

teslaglobalservices.com

Signatures

  • Formbook family
    formbook
  • Formbook payload 1 IoCs
    rat
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_8fbdc5495451d5888ba07e8e2ca2103826a138df8492e71551d76477850ffed5
    .zip

    Password: infected

  • 856e6a9ee0159e69b10042867d4ca7619927fe89431965afe999c50f8b21bc22.vir
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections