formbook | JaffaCakes118_08698dc796dd953a3468d93045f113358aff328472ba0c576f52ed87c3915ed4

General

Target

JaffaCakes118_08698dc796dd953a3468d93045f113358aff328472ba0c576f52ed87c3915ed4
Size

188KB
MD5

b14a79e64e86af5371e84c2b63611b37
SHA1

74391e33f128e69db49dcc0d4e89ccac84e2fa55
SHA256

08698dc796dd953a3468d93045f113358aff328472ba0c576f52ed87c3915ed4
SHA512

c43e00a8a480790471d4eca380aed8871a0914e1220ead9df4d55dd0eac922e11293c696c656cff274a0fad0dfa0534169afae4cdc4c7c312214124ec0a47ab3
SSDEEP

3072:hPSGkswvunpHYC3s2klhNhh6rY/Rl+QLFgYRk/XCuFD0Ko2OxA:6vt0sjh6rY/OQZkquSKc

Score

10^/10

rat f43e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f43e

Decoy

caiyi58.com

sonjoirhealth.biz

desertcleanpro.com

neorevolution.ltd

rocketconsumer.xyz

usnorthsideparts.com

shairacademy.com

checkloop.xyz

jeffthickman.com

mobifonecare.com

waafbox.com

nextiot.xyz

lotteryvegas.xyz

lamsaradio.net

plan2.xyz

seekerblogs.com

gftj9dc.sbs

mariobaburic.com

conimeexe.com

alkapon.biz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_08698dc796dd953a3468d93045f113358aff328472ba0c576f52ed87c3915ed4

Files

JaffaCakes118_08698dc796dd953a3468d93045f113358aff328472ba0c576f52ed87c3915ed4
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB