formbook | 4b51391defb5667047230eed1f8860d5_JaffaCakes118

General

Target

4b51391defb5667047230eed1f8860d5_JaffaCakes118
Size

166KB
MD5

4b51391defb5667047230eed1f8860d5
SHA1

b0855ff1fd5bc958ad7b2b3343f787495ad94709
SHA256

f9c8ad0af18326bda3c00b9ad21ac44cc6491dca1e41270f4a9be25e45a84a4d
SHA512

92563c56b1cf1fa1d8f035f51f4cc2cf0c5fdc8e6fb52dfd70e5cd68a1b4e9e08597b1bf71d3be1bbcf02750c811259bd6ddaacf01df645e05c53a4bafa07820
SSDEEP

3072:6qHfoK3SRbQGl+mk5faXPCn3X3OJMYmac4ukUVsIILIogGm:6cz6tcmk5SfCn3uaYm94utsII85Gm

Score

10^/10

rat jj formbook

Malware Config

Extracted

Family

formbook

Version

3.7

Campaign

jj

Decoy

raproll.com

kombipack.com

dhl365.com

vhoxda.men

zisigui.com

i-o.ltd

serenitynowcafe.com

huntsafety.com

caquciqu.com

novoflexled.com

54smg.com

bintrade.info

34f7j3k.online

wwwjs80088.com

lifestylestimes.com

gradientdecisions.com

h-v-s.com

eternallybound.win

nafa.ltd

veteransusa.site

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b51391defb5667047230eed1f8860d5_JaffaCakes118

Files

4b51391defb5667047230eed1f8860d5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 162KB - Virtual size: 161KB

.text
Size: 162KB - Virtual size: 161KB