formbook | 57c88bc5decb0704871464e6444ab639_JaffaCakes118

General

Target

57c88bc5decb0704871464e6444ab639_JaffaCakes118
Size

167KB
MD5

57c88bc5decb0704871464e6444ab639
SHA1

3d153956f9cb278e400d5c1ec8ffb7ceb11fd668
SHA256

9c7d406369303ff67f47268c86b7ef94fe3a953133c8865bdd5caab09b526f50
SHA512

c211b054acabfe394416abd23e03e1f9af3be5b48e6f05327eea7aab94103e75479718bff26c7b0867d0bb9a4f7d2dafdbb9499aaa503706d76088807217315a
SSDEEP

3072:qqzle+c1kF3GqzZrJXog9nTjaY70vEslNckApoHVaBXUwPiLJZ:BOkDhJXV9TjaYo8pAYBXUwKL

Score

10^/10

rat mr formbook

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

mr

Decoy

kaitorihappy.com

locationmaisonbretagne.com

babyfactorydirect.com

arcticsurgicalgroup.com

togethergame.net

workflexibility.net

classifieds4all.com

leticiadetoni.com

eth316.com

siapapunya.com

bitcoinwissen.com

cdrbzxx.com

lrselectrical.com

mylsxd.com

nacimprint.com

824qrq.info

artdelaseduction.com

premiumglassdesign.com

0y0twosuper.loan

allallies.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
57c88bc5decb0704871464e6444ab639_JaffaCakes118

Files

57c88bc5decb0704871464e6444ab639_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 163KB - Virtual size: 162KB

.text
Size: 163KB - Virtual size: 162KB