formbook | JaffaCakes118_3ad9c4cadd6124a50a386a615e31e7c1bffd069026e298f4dd611622946de74d

General

Target

JaffaCakes118_3ad9c4cadd6124a50a386a615e31e7c1bffd069026e298f4dd611622946de74d
Size

188KB
MD5

f573e61f7104f403780b992404e69470
SHA1

e0e81995735b2760c9aefc56eb32e65ee799f057
SHA256

3ad9c4cadd6124a50a386a615e31e7c1bffd069026e298f4dd611622946de74d
SHA512

c64d8ad17f1bd0fdb9b69efebf73e38a7ab04ab4a0b09b572715287dac388c73472f9baab07d646cd57aa236a65799e3c9abc43e0ba25f44f457f239c0d28f5d
SSDEEP

3072:r0z8k2ga0dqI3DiUGCajZxPUTY9yfjALBns2geo0d+br:PnGD7XatxPUTRem2r

Score

10^/10

rat pd21 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pd21

Decoy

engineerdanish.com

plgscholarship.com

mekpaulcreations.com

alquitodoeventos.com

monaco-life-tv.com

donisetiawan.com

intheoryes.com

lisabargman.com

yourearlybirdpasses.com

mknshops.com

overthetopmarketing.info

massagechairdeas.com

welldoneschool.site

fulgentgeneticss.com

faithfulgutters.com

theessentialnotary.info

scrubsbymanda.com

bootcamp-institute.com

ammescore.com

fashiontenor.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3ad9c4cadd6124a50a386a615e31e7c1bffd069026e298f4dd611622946de74d

Files

JaffaCakes118_3ad9c4cadd6124a50a386a615e31e7c1bffd069026e298f4dd611622946de74d
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB