formbook | JaffaCakes118_9b3cb5bbb63e700359d2382658ce9b90cc93ea4024ee59bab888b406a7f59040

General

Target

JaffaCakes118_9b3cb5bbb63e700359d2382658ce9b90cc93ea4024ee59bab888b406a7f59040
Size

188KB
MD5

f6abdce792c51319441f73423f52616d
SHA1

1620cc6536fb615f366f0fca43f8ff2f8aca72b1
SHA256

9b3cb5bbb63e700359d2382658ce9b90cc93ea4024ee59bab888b406a7f59040
SHA512

2c06e6d28e9d47e87089735e433f5a91b851b0807b95f70782320f87122d89da1ca7d5c0c3b1adef71c46118b7f561304cc87392a1c3621bcf5f8a70827df0c3
SSDEEP

3072:mD1tEiYlJIPv3k6SGr32mJK0cRiz1DFxZVaBVOpLgl8WI:09vkxqJK0cRcDFVuYLgl8

Score

10^/10

rat mi08 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mi08

Decoy

mytimebabes.com

ycpxb.com

abdkaplani.com

cloudingersoftech.com

fthfire.xyz

christyna.work

3d-add-on.com

knowyourtechdeals.com

kcl24.com

sepatubiker.com

sunnyboy.live

zrbsq.com

rinpari.com

lesac-berra.com

yes820.com

cnnorman.com

mystichousedv.com

sbobet888auto.com

gawiul.xyz

luispenas.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_9b3cb5bbb63e700359d2382658ce9b90cc93ea4024ee59bab888b406a7f59040

Files

JaffaCakes118_9b3cb5bbb63e700359d2382658ce9b90cc93ea4024ee59bab888b406a7f59040
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB