formbook | JaffaCakes118_c1250c3549cc0aabbc42c9385af83411f4ec2cf1a8862ec5c5870e243157c63f

General

Target

JaffaCakes118_c1250c3549cc0aabbc42c9385af83411f4ec2cf1a8862ec5c5870e243157c63f
Size

188KB
MD5

b6320acb5ec43f0c8194254f68ad0e06
SHA1

cb0c1fc63f59e3fa7d77fae7c1139096c1cc76be
SHA256

c1250c3549cc0aabbc42c9385af83411f4ec2cf1a8862ec5c5870e243157c63f
SHA512

80262335b9599601b3176fb40a2e732fa55be64616eee865a07f28a77c9f4f51f9a61092ba86709ac0fca3d007da7b7a733450173e3e5f03212d7b69270d6c19
SSDEEP

3072:/i/49Jkhu1S+l6Yb3WhTSxuHqOK+nMCbbKEw0sblDysY+7CD9a:a0W9rYzWZ/qOJnMub00sblD7I

Score

10^/10

rat g3t1 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g3t1

Decoy

369manifestwealth.com

centralfloridadecking.com

wareadvance.com

hellobody.net

housemaker.pro

kudoki.net

peakadventures.net

liquidscreeds.world

corebenefitsconsultantsllc.com

housecondonow.com

xn--ah-kta.com

evolv3-consulting.com

78688653.com

truthvanguard.com

locarte.online

eighthoursandchange.com

polskebojnom.xyz

quaypottery.com

raintechsg.com

westpac-cancel.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_c1250c3549cc0aabbc42c9385af83411f4ec2cf1a8862ec5c5870e243157c63f

Files

JaffaCakes118_c1250c3549cc0aabbc42c9385af83411f4ec2cf1a8862ec5c5870e243157c63f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB