Behavioral task
behavioral1
Sample
JaffaCakes118_ead32e37f50f2286b999f7b69439f4703027a50a92c0374977ddf0d8ba005973.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_ead32e37f50f2286b999f7b69439f4703027a50a92c0374977ddf0d8ba005973.exe
Resource
win10v2004-20241007-en
General
-
Target
JaffaCakes118_ead32e37f50f2286b999f7b69439f4703027a50a92c0374977ddf0d8ba005973
-
Size
188KB
-
MD5
04ecab4dae42f8db8a8336f79a820c00
-
SHA1
0bd4f9214bc5a49ba47384b105b5829db11b1171
-
SHA256
ead32e37f50f2286b999f7b69439f4703027a50a92c0374977ddf0d8ba005973
-
SHA512
e3c1286317a09f608c502ade7e0ade0dc7e4476509c5fd777af342769c4fcd8a423f34d542835773e770433d0b32aa9676e15bfe806cbd57605836aaa2428144
-
SSDEEP
3072:Xh4eHi0WR9VdNj1NWIt+cyFLI+H07ecBY9efloRBNjvNDu1y4i+SPSo3vo:Xh4TLldl1FQVXHjcu2loRBNbYKP3f
Malware Config
Extracted
formbook
wnoa
promociones-ec.com
Signatures
-
Formbook family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_ead32e37f50f2286b999f7b69439f4703027a50a92c0374977ddf0d8ba005973
Files
-
JaffaCakes118_ead32e37f50f2286b999f7b69439f4703027a50a92c0374977ddf0d8ba005973.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 181KB - Virtual size: 180KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ