formbook | JaffaCakes118_0a3dcb419d558adf7e5dbb34d9810367d00a6c09cbf57c3ba1038c8abe12d6bf

General

Target

JaffaCakes118_0a3dcb419d558adf7e5dbb34d9810367d00a6c09cbf57c3ba1038c8abe12d6bf
Size

188KB
MD5

f7eb701ad0c576894987e8c8eeea02ca
SHA1

ceb5e9fd918257a7ced93ece0cbc3781e9d2cb99
SHA256

0a3dcb419d558adf7e5dbb34d9810367d00a6c09cbf57c3ba1038c8abe12d6bf
SHA512

81b1082ae86d9cd40f453e213fa54a13fb27ce708c08dff904dd97683bc2eea816e9f0c9ec46060db1abc2a78e1f800bd169dbfab61080b7a1324f04da1c4f7b
SSDEEP

3072:MhEtB7kKYe83b553q/a5l5V7KxfLsKpeCyuDz6P9/ZYJxDqH/:Lg5lqSnT7KxfLs7C09/ZYfeH/

Score

10^/10

rat sn12 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn12

Decoy

tjwypt.club

lexisnexisrissk.com

hillsideschnauzer.com

thebeautifullifeofthearth.com

kaiverse.world

underscorestyle.com

www86516edu.com

gloryworksmn.com

mommoth.club

buxbuxro.com

collettebowman.com

westcoastcurecarts.com

hbwsjbc.com

mapharisacapitalholdings.com

wealthybistro.com

myfexer.com

meetthewinery.com

meronbiotech.com

theketoking.com

veolx.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0a3dcb419d558adf7e5dbb34d9810367d00a6c09cbf57c3ba1038c8abe12d6bf

Files

JaffaCakes118_0a3dcb419d558adf7e5dbb34d9810367d00a6c09cbf57c3ba1038c8abe12d6bf
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB