formbook | JaffaCakes118_e35b4240210c0ce36c037aee8df2d61298b3e769076bc8145fea07c5a4bcc5e3

General

Target

JaffaCakes118_e35b4240210c0ce36c037aee8df2d61298b3e769076bc8145fea07c5a4bcc5e3
Size

188KB
MD5

cd4217d431ad30f4eb7a3e3707e424ec
SHA1

2bbdeb698da5ee961e5023658bf5f5c1c529de00
SHA256

e35b4240210c0ce36c037aee8df2d61298b3e769076bc8145fea07c5a4bcc5e3
SHA512

3ec54e529935d369a04c14ab7707da92d6aa2876e870545f86b745173affae978f436c1d5b7c6b6b0c4f36808b2dd76c1cdc4e0d95b5d22151caca0a11ae0489
SSDEEP

3072:Icg7HTkBG7xBOF03F+Jg2vp2a2jkQPR1P5W6H6J/vl5hqzFH7:VGsaFyf2a2YQxgJnlHqzl7

Score

10^/10

rat gn27 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gn27

Decoy

perilunevc.com

kantogaming.com

stageyor.online

jixsux.site

dingmei2020.icu

savagesupplyco.com

deadstockllc.com

leyandfey.com

zjn22558800.com

projectupskill.net

outliersresearch.com

spaced.community

zschengbangzx.com

5gxzxxtax-ety7f.biz

iq0xe.com

6388xp9xg9k.com

hengyungdzz.com

retrosale.com

echt.global

canceltotalav.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e35b4240210c0ce36c037aee8df2d61298b3e769076bc8145fea07c5a4bcc5e3

Files

JaffaCakes118_e35b4240210c0ce36c037aee8df2d61298b3e769076bc8145fea07c5a4bcc5e3
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB