formbook | 0abebb391df1b393b1dffd399a3c083e_JaffaCakes118

General

Target

0abebb391df1b393b1dffd399a3c083e_JaffaCakes118
Size

167KB
MD5

0abebb391df1b393b1dffd399a3c083e
SHA1

901a4ce0d6c1a875295e85ae81299bccec5031bc
SHA256

197c68b4ed753c6df3ec574a87b54c3e885ab6fd036b3f7b0f9c3ceb43276e14
SHA512

218228c362990546ef36e021233f67c99c493d4950868bc9a4c53f3f0b748bb4e813b8613b6a7863a3721c284fa5ef502c537c9017b1157e903019263d5048d2
SSDEEP

3072:R4ePcflWfQSGtoYsnPRmjubYi9A/xPT7xN4sfWg/bNROY99:pol1eYsPgjubj9A/5x+sfF9

Score

10^/10

rat fr formbook

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

fr

Decoy

85highstslough.com

gritgrindgolf.com

davismco.com

elsadehart.com

392manbetx.com

kupadunyasi.net

xxwhxw.info

sdrbxv.com

elazighonda.com

china-adc.com

odxrs.info

201810.top

q212.net

hemlytruckinginccom.info

multiexample.win

bluedocuments.com

nihonspeed.com

ironicon.fitness

barcelonabyboat.com

bentodecal.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0abebb391df1b393b1dffd399a3c083e_JaffaCakes118

Files

0abebb391df1b393b1dffd399a3c083e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 163KB - Virtual size: 162KB

.text
Size: 163KB - Virtual size: 162KB