formbook | JaffaCakes118_c148222408ad776958318b52fb9a64b0c0898753138e0a00b1c1906ba5e78c53

General

Target

JaffaCakes118_c148222408ad776958318b52fb9a64b0c0898753138e0a00b1c1906ba5e78c53
Size

188KB
MD5

c12638d05f575bbfaee36a8613cce072
SHA1

f8633a4fb8fefbce801b3868f0970f5e429340db
SHA256

c148222408ad776958318b52fb9a64b0c0898753138e0a00b1c1906ba5e78c53
SHA512

0e8259f4c0cfda60284959523d1b61af1310673901048eab8a7ff7c2ecad24756e46a2ff4efe0704b7a2dbebe3472e604b4756c383c297947bceb44e0e59ce3a
SSDEEP

3072:OKHFExMDvMMe3VOSIVoq6xMPPqSnRE8/yGHFwVjnl:CW4VlI2q6xMnE8/vG5

Score

10^/10

rat ge07 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge07

Decoy

marytopia.com

pisha.shop

ceriraison.com

theshcc.com

louisvillepoolbuilder.com

fanthomes.link

quantum-plus.space

bentin.cloud

cloraste.xyz

bebothhumankind.com

vegoltv430.com

msiafteburnersse.click

designschool.live

oonrdelicate.xyz

supari.shop

mallorca-estate.com

mtvstorage.com

zhaoliao.store

wuduu.com

thuthiem-zeit-river.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_c148222408ad776958318b52fb9a64b0c0898753138e0a00b1c1906ba5e78c53

Files

JaffaCakes118_c148222408ad776958318b52fb9a64b0c0898753138e0a00b1c1906ba5e78c53
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB