formbook | JaffaCakes118_376ff52026781a4236371876a4237d06c9a026819c6b2169264f3dde49c4b477

General

Target

JaffaCakes118_376ff52026781a4236371876a4237d06c9a026819c6b2169264f3dde49c4b477
Size

188KB
MD5

8d445b1f668317a7041d5b9442fc0c66
SHA1

b8fa1622e9797c8a2a85620afad8d4fb9f9e54ff
SHA256

376ff52026781a4236371876a4237d06c9a026819c6b2169264f3dde49c4b477
SHA512

bbfd97c21861f50663030a966f0048abd8a5df1e9ea6d58f05edfe4cd21f0f2ee584a460b3770697532a966b4d0d5dcec61c38f61c77e7529b8f47c98b28222e
SSDEEP

3072:HeaGhyiEfNS26oAFr3V+9KDw6Ha9i5RHXOdcVw81yq9UBfFa+ekC4Qg:5S/DVOAa9i55XO2VJU1F9Uf

Score

10^/10

rat dn19 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn19

Decoy

tractorts-corporation-spzoo.com

analiisajakobson.com

augmentbrood.com

afferwatsales.com

thewealthline.com

landdominican.com

afrolezks.com

ivycleaners.com

canterburyabacusbells.com

hc5e1uokgd55c.xyz

nanjtgw.com

nnh3.com

nicholasgiemsa.com

manawatiaamatariki.com

pnqmt.com

arrayas.online

hc7131.com

qxgzpx.com

outhousela.com

skarwallet.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_376ff52026781a4236371876a4237d06c9a026819c6b2169264f3dde49c4b477

Files

JaffaCakes118_376ff52026781a4236371876a4237d06c9a026819c6b2169264f3dde49c4b477
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB