formbook | JaffaCakes118_0d02cf480fe3cee2a429db1c78512fce985efb9ff4a0223f4c5c0cd1f09d53c8

General

Target

JaffaCakes118_0d02cf480fe3cee2a429db1c78512fce985efb9ff4a0223f4c5c0cd1f09d53c8
Size

188KB
MD5

f3ca7f25f107a5a63c274486ec232e04
SHA1

9e8579cd4264b96565f62bdfa322ec2e728658d1
SHA256

0d02cf480fe3cee2a429db1c78512fce985efb9ff4a0223f4c5c0cd1f09d53c8
SHA512

ab624b173685e2a226292bdf8280171007626deb450244e6d9c57a16341058acb2d9cf3f07f8bea372a1df0b8209ee18246f972214e75948597440db85126d18
SSDEEP

3072:c+4E7NJPMdC3/22+rfKI81wWn+a96IFLFt7TOWadIViRarteXe:XG0/+zKI81F+G6IfvadIVpQe

Score

10^/10

rat g2m3 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2m3

Decoy

stocktonfingerprinting.com

metaaiqr.com

junicy.com

libertymutualgrou.com

jklhs7gl.xyz

alex-covalcova.space

socialfiguild.com

drnicholasreid.com

androidappprogrammierie.com

relatingtohumans.com

jitsystems.com

gbwpmz.com

lesaventuresdecocomango.com

wu8ggqdv077p.xyz

autnvg.com

wghakt016.xyz

lagosian.store

hilldoor.com

oculos-ajustavel-br.xyz

nameniboothac.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0d02cf480fe3cee2a429db1c78512fce985efb9ff4a0223f4c5c0cd1f09d53c8

Files

JaffaCakes118_0d02cf480fe3cee2a429db1c78512fce985efb9ff4a0223f4c5c0cd1f09d53c8
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB