formbook | JaffaCakes118_e50bce54a7b2fd497b549b65e022f65f7c060d02eaee0a91a3a36e7dbebdbaff

General

Target

JaffaCakes118_e50bce54a7b2fd497b549b65e022f65f7c060d02eaee0a91a3a36e7dbebdbaff
Size

188KB
MD5

b0896888b21e9df0c29cb34589f58d79
SHA1

1b669d6a63da804757f5c3de954a9b3752226bbb
SHA256

e50bce54a7b2fd497b549b65e022f65f7c060d02eaee0a91a3a36e7dbebdbaff
SHA512

87d82e9ce44633b4851114ce3188856795649dd64268407041c848c4b818710cd979f8cfe236cb20faf1ebce77a96dab5007ccd98656ddce940adc15ac9fcfb1
SSDEEP

3072:4i6EXc7ljKOn36PK+ofqJzmUcL5m7IaoN0NITzG6d8mdDNFW:5dG6ShqJzmUcL5mQfld8qDNFW

Score

10^/10

rat r75h formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r75h

Decoy

rethinkmycountrylife.com

hs5ae.xyz

boylesports.xyz

totalenergiesistasyonlari.com

supportukraine-pic.com

koi-ch.net

lakemurrayhomes.net

betvoxel.com

fullstarscoin.com

efablueprint.net

astrogeop.com

tiyu372.net

autoeco.pro

cleanupnet.com

mybooktimes.online

annnabeysurvey.com

termscaseplaces.biz

varildolum.com

javideejay.com

jszfcgbx.press

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e50bce54a7b2fd497b549b65e022f65f7c060d02eaee0a91a3a36e7dbebdbaff

Files

JaffaCakes118_e50bce54a7b2fd497b549b65e022f65f7c060d02eaee0a91a3a36e7dbebdbaff
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB