formbook | JaffaCakes118_2646aeaf3493dbbebce1da0c2925251329ef17302c856b5a817f111e2c4541a6

General

Target

JaffaCakes118_2646aeaf3493dbbebce1da0c2925251329ef17302c856b5a817f111e2c4541a6
Size

188KB
MD5

637215705b675ab8085537c2b48186d4
SHA1

6db16c716b58c1988e74046add8707ccd9f94f17
SHA256

2646aeaf3493dbbebce1da0c2925251329ef17302c856b5a817f111e2c4541a6
SHA512

95f72a0e43eddbda7e1f28f35b040936e0aa641df177ce506ff6547c33fd1e4c6bb87f75ed85232a60ab3ebd6e7315283dd6b321a21ef5aab1e557c10807eb06
SSDEEP

3072:1wm56kFkOEQ3+E13JDQjVZq5Q/3Rdlz8skm/x3Lp57mp2j:oqZJsvq5Q/3Rdaskm5bb7mU

Score

10^/10

rat sn31 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn31

Decoy

matsuomatsuo.com

104wn.com

bolacorner.com

dawonderer.com

yourpamlano.xyz

mtzmx.icu

lepakzaparket.com

barmagli.com

danta.ltd

marumaru240.com

people-centeredhr.com

test-brew-inc.com

clairvoyantbusinesscoach.com

aforeignexchangeblog.com

erentekbilisim.com

gangqinqu123.net

defiguaranteebonds.com

thegioigaubong97.site

vaoiwin.info

vcwholeness.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_2646aeaf3493dbbebce1da0c2925251329ef17302c856b5a817f111e2c4541a6

Files

JaffaCakes118_2646aeaf3493dbbebce1da0c2925251329ef17302c856b5a817f111e2c4541a6
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB