formbook | JaffaCakes118_7df988b51db9a04ca7b751e8e93f3f1316d17bfe7e080b8104d14d1961c40f11

General

Target

JaffaCakes118_7df988b51db9a04ca7b751e8e93f3f1316d17bfe7e080b8104d14d1961c40f11
Size

188KB
MD5

d7912076f56c0cba87fe1241d32db3d5
SHA1

0f048312f7d459aadcda20b83d4cccbbe33310c1
SHA256

7df988b51db9a04ca7b751e8e93f3f1316d17bfe7e080b8104d14d1961c40f11
SHA512

e43bdab2aa155c85a398650db5878c50826ed1f141110310082b827b084e39d152352dad41f6ddfb0c0aa84aceff4707ec6c0031b45fa7d96224aa9713548635
SSDEEP

3072:yLREP/IoOeFr3qtQhIkyJaVRLTaGD1kJ8chALIyM60Ha2Gbem:JGYDqWhI3JaVRLTaGJg8lLFt062Qem

Score

10^/10

rat yy48 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

yy48

Decoy

astroneir-design.com

python-tutorial-videos.com

jwxx.xyz

notesfunda.site

obsessivecraftingdisorder.com

vezrot.online

hazardi.online

mvptrading.online

wanchuangjinfu.com

nuegun.com

suntoo.top

pikapool.xyz

intrepid.international

superstitionspringsbrewing.com

kollektiv24d.com

porn7897.xyz

lovestore102.online

nyran.net

tyc78.xyz

niche-institute.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7df988b51db9a04ca7b751e8e93f3f1316d17bfe7e080b8104d14d1961c40f11

Files

JaffaCakes118_7df988b51db9a04ca7b751e8e93f3f1316d17bfe7e080b8104d14d1961c40f11
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB