Overview

overview

10

Static

static

10

JaffaCakes...6a.exe

windows7-x64

3

JaffaCakes...6a.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_f5ad2816d3aceededccc15798d6c2837f4a747c19e823f505058dd171c01ad6a

  • Size

    192KB

  • MD5

    8c3c643b8de7fc42052e0141026d80c6

  • SHA1

    db7db0ddf210f93c7bbb5f70c4fd9ecbaf3d6626

  • SHA256

    f5ad2816d3aceededccc15798d6c2837f4a747c19e823f505058dd171c01ad6a

  • SHA512

    a5fe0c840486bf718a6dbb006060af354f616c4419abd3049ea9033d4ca169803d0164ead295313ba57268eeadc6ef673c90363543885452d43e061034d119b6

  • SSDEEP

    3072:yzXzkZux/FOQa3gZBih413qz7Rs9atOXLVpz4elw5n2YxY5CN+:PczcgHYk3qz7RgatWLP4eQCe

Score
10/10
ratg48sformbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g48s

Decoy

ncdiag.net

5minuteremarkablemakeover.com

caribbeanoyr.com

haoyundaojia.com

hillcrestmidmod.com

luxurion.net

tomfordworld.com

colaborem.com

744456.com

rocketsolutions.info

dlzhh.xyz

eaglelakenews.com

uxrbxr.site

nikatai.com

cyberspacewar.com

dandion.online

kondakowa.com

caitlinmcelroy.art

atrisits.com

spectracorpcompany.com

Signatures

  • Formbook family
    formbook
  • Formbook payload 1 IoCs
    rat
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_f5ad2816d3aceededccc15798d6c2837f4a747c19e823f505058dd171c01ad6a
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections