formbook | JaffaCakes118_3a4a92d39ed39493a114f3d78dc2bcc23b7800fba83b6c9c15729b6f8ea81eb7

General

Target

JaffaCakes118_3a4a92d39ed39493a114f3d78dc2bcc23b7800fba83b6c9c15729b6f8ea81eb7
Size

168KB
MD5

8337c12ae55bd17a8eda7a6fcb7bed4d
SHA1

bd03feafdf90bc73a627ce151786a65cc33d09f5
SHA256

3a4a92d39ed39493a114f3d78dc2bcc23b7800fba83b6c9c15729b6f8ea81eb7
SHA512

d7d98fd101d72369745f94762c3a51ab4a5d2552c7895f9556bb940b7f829e4da2f9f12c89a8f1c4848a4dc2a7aebaaf12ddd37ef264be5dea8a62949e92b55b
SSDEEP

3072:T5pgM+HPaNf8JoQk+7jpQjYLiWU1eH15fYHbdDupD4:x+yxQv5QjYLiUzf+pd

Score

10^/10

rat or09 formbook

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

or09

Decoy

rieymbkp2a4h.com

amour.ink

houses-sitges.com

aixieclub.com

lsnlny.com

xn--9i1bt4ghscw7ruyctub.com

oefeuig.com

ultimateimpactmovement.com

spendabit.online

successenemies.com

neuwiederknuspermarkt.com

goldentouch.online

projetovisto.com

liuzhouvr.com

vmeiwu.com

w108developmentllc.net

homeremodelsplash.info

wundarbalm.info

enjoyingsunset.review

gannettinsites.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3a4a92d39ed39493a114f3d78dc2bcc23b7800fba83b6c9c15729b6f8ea81eb7

Files

JaffaCakes118_3a4a92d39ed39493a114f3d78dc2bcc23b7800fba83b6c9c15729b6f8ea81eb7
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 163KB - Virtual size: 163KB

.text
Size: 163KB - Virtual size: 163KB