formbook | JaffaCakes118_37e8b0c03f43e4827b53768f9a93e24cc67371e1d67ebc59f5f87ddee5d4d208

General

Target

JaffaCakes118_37e8b0c03f43e4827b53768f9a93e24cc67371e1d67ebc59f5f87ddee5d4d208
Size

188KB
MD5

93160bc7348a9d1909a6b309ad1cc648
SHA1

0318573f79b3fff73881714f228c30e57bb19207
SHA256

37e8b0c03f43e4827b53768f9a93e24cc67371e1d67ebc59f5f87ddee5d4d208
SHA512

9bb7adefdd1ad008da611686d880c2772552ffcbad27a0b2a02106d8870ecd428ccd37d2baaebb475c26d91173dbd6ec133ced6f4816365e9043b1802ae40332
SSDEEP

3072:dcPbbEMSzDUVFFz3k5VTgH6QzEYxk8hafd5+Gtf5mEw5:sPTbk/w6QzEYxha/5tf5

Score

10^/10

rat t0r3 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t0r3

Decoy

virginia592.com

gadolant.com

littledivabows.com

smartsource.group

4diyibanzhuvip.xyz

apecoinevent.info

gregorylongoria.com

cyrjar.com

yisheng22.com

bilisu.com

acastino.com

socialvirse.com

hongkouwx.com

pinturasacuariocelaya.com

alphashielding.com

circuit-cambodge-laos.com

brianbisaccio.com

movil-internet-fibra.site

local-miciiolimpici.com

sr-ilustrado.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_37e8b0c03f43e4827b53768f9a93e24cc67371e1d67ebc59f5f87ddee5d4d208

Files

JaffaCakes118_37e8b0c03f43e4827b53768f9a93e24cc67371e1d67ebc59f5f87ddee5d4d208
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB