formbook | JaffaCakes118_feb0a312955bc87321ea2b1cc2183e2c9b70f9cef76b4b96b22d54ed9f54b64e

General

Target

JaffaCakes118_feb0a312955bc87321ea2b1cc2183e2c9b70f9cef76b4b96b22d54ed9f54b64e
Size

188KB
MD5

b461fff8617827b043c3e8579e130ed8
SHA1

779661c5999571f887233fd3a2ec4315d0dddd55
SHA256

feb0a312955bc87321ea2b1cc2183e2c9b70f9cef76b4b96b22d54ed9f54b64e
SHA512

5403eaae0703313a405dcc524ab5af2e7beb1000c6bdf62013bccb19e717ccfe3fb4ec0530e3ff135bebd1b22e6be5a489b03c1d4154ab846bac02ad469e04d0
SSDEEP

3072:gYCwXkVoG2nIs73Dw5K58T666dlqCB4GQ9XYsLpyot/V7:soTTDQmu666dl9xQ9XY0y6/V7

Score

10^/10

rat oh75 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

oh75

Decoy

denizgidam.com

6cc06.com

charlottewaldburgzeil.com

medijanus.com

qingdaoyiersan.com

datcabilgisayar.xyz

111439d.com

xn--1ruo40k.com

wu6enxwcx5h3.xyz

vnscloud.net

brtka.xyz

showztime.com

promocoesdedezenbro.com

wokpy.com

chnowuk.online

rockshotscafe.com

pelrjy.com

nato-riness.com

feixiang-chem.com

thcoinexchange.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_feb0a312955bc87321ea2b1cc2183e2c9b70f9cef76b4b96b22d54ed9f54b64e

Files

JaffaCakes118_feb0a312955bc87321ea2b1cc2183e2c9b70f9cef76b4b96b22d54ed9f54b64e
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB