formbook | JaffaCakes118_4fb660ee69dd58435f791b50bd70e2105c832014a9d6522bc8d820a809096883

General

Target

JaffaCakes118_4fb660ee69dd58435f791b50bd70e2105c832014a9d6522bc8d820a809096883
Size

188KB
MD5

559b344ccba4a9c4e46ec6ef1e86ffc2
SHA1

714daf1e6c59e9c68cdd27a3e6386126333d7e37
SHA256

4fb660ee69dd58435f791b50bd70e2105c832014a9d6522bc8d820a809096883
SHA512

61998ed28ba0acd982fa43196ff9125357942a1fbeeb23c0f2d5b98691e0f66e6f8918d32d0f09530119aa4fa8341be8c17f3a15ce099d0162238635266ce4fc
SSDEEP

3072:coPvokhablUEKi3dF7W3rJu6DnR4FDnZ2EAT9wMy7q3+Y/bz:MqUdFC3rQ6DnREd2EAxBSq3+i

Score

10^/10

rat s46e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s46e

Decoy

flooringcanvas.info

lebongou.online

imaizumi.tech

asisanat.com

twintwinohyeah.com

elevateoy.com

oliveapothecary.com

admiralx-ri.top

michael-brandenburg.com

outdoorfurniture.space

beinspiredtoachieve.com

lasso-lasso.com

volam2.top

coolnews2.space

fghmax.online

landspringy.info

andrewnemec.com

kjmbywalk.xyz

zl-wine.com

manhattanmaintenance.site

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4fb660ee69dd58435f791b50bd70e2105c832014a9d6522bc8d820a809096883

Files

JaffaCakes118_4fb660ee69dd58435f791b50bd70e2105c832014a9d6522bc8d820a809096883
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB