formbook | 90ec41ec1f9f17b6eb323014bffadffa_JaffaCakes118

General

Target

90ec41ec1f9f17b6eb323014bffadffa_JaffaCakes118
Size

167KB
MD5

90ec41ec1f9f17b6eb323014bffadffa
SHA1

f46ba747d3a4c2370d1de2fc1e3ce41ece329256
SHA256

c6a8023f77edc22c050989a8c3abccdc8ed2af9b21cc5ee7a410727ebe9031b5
SHA512

b5d0890ebd2ac45ec86e125f8f34bf0b055618cd889500c618512b2a99fa9b03a2508e78cd9f6344f10ebf56b7472f877b888adac4c07e31ef2356137d2328d9
SSDEEP

3072:WRVM4Sc7yoRCZoqAlTuyLEhR6t2Wr6KelMO/k5xB9yB70AJ5JT:W04/yoy+TuAa64WeS/f9yp0AR

Score

10^/10

rat hu formbook

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

hu

Decoy

zejmuh.men

mty-inv.com

502fm.com

ghwuxk.info

fromseato.com

rainingsushi.com

themascaramom.com

potomaclearning.com

locusorigin.com

stitch4yu.com

cymbidium.win

checksocialid.com

allpeliculad.com

mattertutor.com

downloads3.com

xn--vk5b15ma554c.com

paperson.info

planetnstars.com

themarketstudios.com

kissgem.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
90ec41ec1f9f17b6eb323014bffadffa_JaffaCakes118

Files

90ec41ec1f9f17b6eb323014bffadffa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 162KB - Virtual size: 162KB

.text
Size: 162KB - Virtual size: 162KB