formbook | c1886aad16cdb96c44afd15dd3b7c3e3_JaffaCakes118

General

Target

c1886aad16cdb96c44afd15dd3b7c3e3_JaffaCakes118
Size

182KB
MD5

c1886aad16cdb96c44afd15dd3b7c3e3
SHA1

56eb0f07164b80a954bd5167c1bada4ab4cd0b5e
SHA256

09715a97873a089c9dc80219175d50508628f4f794639c2e725bad85d68804c2
SHA512

458a816cce9298ae174033fada534e6588a0d98e732eb0e07b72ee8ec77974e9850f071638d0fd5eddd62163e54cce072b2fb038e058429128dfa6f69ef703c9
SSDEEP

3072:3Q6w59/XzVwOIpEuvNkBwYyLqaN+ieCofGwc1t/c0fel:WHwOoEu1kBw1L5cienON/cOU

Score

10^/10

rat nins formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nins

Decoy

myguysplumbinglv.com

thesweetlemonhotels.com

samana-france.com

hmxhzy.com

dkdhealthcare.com

nasamet.net

jblangconsulting.com

hcljl-kcdf.xyz

oacademy.online

phoenixartprinting.com

my-wellnessportal.com

abzahri.com

levelonejo.com

bazaarline.net

soughandhikharesorts.com

nonbirimama20816.com

jesusnoless.com

demoswav.com

frontierglassgrandisland.com

inspirationaltraveler.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1886aad16cdb96c44afd15dd3b7c3e3_JaffaCakes118

Files

c1886aad16cdb96c44afd15dd3b7c3e3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 178KB - Virtual size: 177KB

.text
Size: 178KB - Virtual size: 177KB