formbook | JaffaCakes118_d844221b683b4308b60fe80e23e6e3e618e07d36381b03da746e580e805d1814

General

Target

JaffaCakes118_d844221b683b4308b60fe80e23e6e3e618e07d36381b03da746e580e805d1814
Size

184KB
MD5

69e3eeb9aa3ac4205af8f0f208695728
SHA1

6f2471893a80f549e3692774325db9f13215e5cb
SHA256

d844221b683b4308b60fe80e23e6e3e618e07d36381b03da746e580e805d1814
SHA512

645d640971f36cb1225eafb30e21ffc90237e95c110574c463b86784f7c6bd6158a3c28d48b1f5dc40ecd2fcb32ee1f504d9134ecfc118b88f592fb213e52b60
SSDEEP

3072:rXvvxUvD7nWrUZNmunEWmM2awFdCb/VXTtYAfs9c/C+LpX3:ro3MeNmgEWIawFdCbhJYA9C+L1

Score

10^/10

rat private formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

private

Decoy

mikexcore.com

applesio.com

anytime-shop.net

angelicpriya.com

levyursusarttoys.com

pradasuryacv.com

diciasetteonline.com

origincoffeeliqueur.com

kreativekreationsllc.com

xuamo.com

vrezvrez.com

zzzttt17.com

cpairygodmother.com

airbakutravel.com

surayaakbari.com

evchargingdirectory.com

designerdreamscapestile.com

fujota.com

retovida.com

ofertaslacumbre.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_d844221b683b4308b60fe80e23e6e3e618e07d36381b03da746e580e805d1814

Files

JaffaCakes118_d844221b683b4308b60fe80e23e6e3e618e07d36381b03da746e580e805d1814
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 177KB

.text
Size: 177KB - Virtual size: 177KB