formbook | JaffaCakes118_470f69dc7b80ae3158420bd7b54fdda944a02fa15c4236686d5f81b5f72966d8

General

Target

JaffaCakes118_470f69dc7b80ae3158420bd7b54fdda944a02fa15c4236686d5f81b5f72966d8
Size

133KB
MD5

278074bd83a21419d1b7b8137c49483f
SHA1

576332f1e2e8e4fc95d8e7e1375e37e588c1e855
SHA256

470f69dc7b80ae3158420bd7b54fdda944a02fa15c4236686d5f81b5f72966d8
SHA512

fa30d5535ba27664acb849871ade961ae5cb1421cc34561b412ecb45c0af11fe0215edbcca461b06d9e9fbcef34d429a85ca350e3eae2d147d0dc82eda11d741
SSDEEP

3072:IBjbb836JtvJxIxvPQGNbXCCIPESllhpYdd5Yq7gHbxpEtQ13Pu4E:6Yq7U5QIbo8SDhGdPMHUtqPw

Score

10^/10

rat zvf formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

zvf

Decoy

slimytrout.com

ericdykema.com

pennystanwayart.com

auliawijayadecor.com

iyundun.com

postforearn.com

xn--4dbaigbvbe5b1a.net

fishhousemarketandgrill.com

cqweb8.com

serverauthcheckmate.com

betterulasy.com

karenhoverrealtor.com

etigia.com

yinggehong.com

brandprtex.net

pusatcpanel.com

reidec.com

ajscghy.com

tvdajiang6.com

freightlogins.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/formbook.bin	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/formbook.bin

Files

JaffaCakes118_470f69dc7b80ae3158420bd7b54fdda944a02fa15c4236686d5f81b5f72966d8
.zip

Password: infected
formbook.bin
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 176KB

.text
Size: 177KB - Virtual size: 176KB