formbook | JaffaCakes118_70e5a079b5d325c44c6c51e6b7a17a2726bbc2750ef3a3a45eb472e9a0cd817a

General

Target

JaffaCakes118_70e5a079b5d325c44c6c51e6b7a17a2726bbc2750ef3a3a45eb472e9a0cd817a
Size

188KB
MD5

b12cebace50fcaed087de31b992a89fd
SHA1

c0d4094a2c20cdd41fa8874e696da2d156b85105
SHA256

70e5a079b5d325c44c6c51e6b7a17a2726bbc2750ef3a3a45eb472e9a0cd817a
SHA512

3ed1a32b4ddd13a8d5d7b0495b055b274c6b6273fef4bcd735b92b638e9a269140d6580d1a9a1d474e87180a3858312a454f0c581b7b72df79581dd365806031
SSDEEP

3072:nB1YoArBkTkxF3y0m3amtnrpqG2j4hdkapuplXMlpyWtmIXp0QMBCFF:aUkQa2n9qxj4zkOuplXqpy5IXpT

Score

10^/10

rat g24i formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g24i

Decoy

alanaregencygroup.com

thesecretheart.com

osdpverified.net

localdasorte.online

whiskeyhousetexas.com

kennedy.movie

sistemaeletriconacional.com

amandalindenmkd.com

mendhamswimming.com

3348t.com

darrellwootton.com

brahman.life

tamchiase.com

ldvvq1kv0.xyz

samhangeumsan.com

reewe.site

blockmend.xyz

agape-love-garden.com

amandaredd.com

lighthouseprojects.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_70e5a079b5d325c44c6c51e6b7a17a2726bbc2750ef3a3a45eb472e9a0cd817a

Files

JaffaCakes118_70e5a079b5d325c44c6c51e6b7a17a2726bbc2750ef3a3a45eb472e9a0cd817a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB