Overview

overview

10

Static

static

10

270e9ba7fa...c4.exe

windows7-x64

5

270e9ba7fa...c4.exe

windows10-2004-x64

5

3410297259...58.exe

windows7-x64

1

3410297259...58.exe

windows10-2004-x64

3

6f09c7f423...50.exe

windows7-x64

5

6f09c7f423...50.exe

windows10-2004-x64

5

866e097ff5...39.exe

windows7-x64

5

866e097ff5...39.exe

windows10-2004-x64

5

9419d53b0d...8d.exe

windows7-x64

5

9419d53b0d...8d.exe

windows10-2004-x64

5

fa9d1e3fd2...51.exe

windows7-x64

5

fa9d1e3fd2...51.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_29b963d2967085d6fac0e7048834ce02f677845639445b6af519649680e9fac4

  • Size

    1.8MB

  • MD5

    b2787bcd83da6bc771a170f66cbc2d36

  • SHA1

    e708226410bb8931834eb6374cf936bb8df30671

  • SHA256

    29b963d2967085d6fac0e7048834ce02f677845639445b6af519649680e9fac4

  • SHA512

    74bdca3676deab73f93420cad81ff3579a450ed5e22b24f32c92fa9e4858b2e0c63f1c121e7d05784e857258de43154bba890a069d133fb57748cf4df75759f2

  • SSDEEP

    49152:KknF7PrhOFOPSsD3C82Ivkbn4PZ/ZRwS7D:KKrh5PSICMe6pw8D

Score
10/10
upxratnykformbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nyk

Decoy

thenursingstudysystem.com

michaelxp.store

villas-townhouses.com

xwhzpx.com

bk-equip.com

wunschpresent.com

bodyointment.com

k12schoolreports.com

thelittlereaders.online

studiowala.com

glassprotocol.com

operationhitched.com

allafricadeals.com

chollotiza.com

sustainablesmartphones.com

variationsinvarnish.com

juqms.info

babymasajsalonu.com

theresekhachik.com

wehuq.com

Signatures

  • Formbook family
    formbook
  • Formbook payload 1 IoCs
    rat
  • AutoIT Executable 5 IoCs

    AutoIT scripts compiled to PE executables.

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 11 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_29b963d2967085d6fac0e7048834ce02f677845639445b6af519649680e9fac4
    .zip
  • 270e9ba7fa51858ba35182e14d0b91c4.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • 341029725926d6ce55334f5a51dc1358.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • 6f09c7f423232ef509f90e66b1146a50.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • 866e097ff53dbfefe7b3289abda15939.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • 9419d53b0db3f157a6011c8657ba118d.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • fa9d1e3fd2983aca146b2a04ddf6e351.exe
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections