formbook | JaffaCakes118_3fa85f99a59babb348c7393e6e1fbe410daa82a76b2e6fb431a91d240675cab3

General

Target

JaffaCakes118_3fa85f99a59babb348c7393e6e1fbe410daa82a76b2e6fb431a91d240675cab3
Size

167KB
MD5

61e81ff632ab59a31407a43368df92ed
SHA1

8243d5b4b98954d96fc3aa008ab35e78a7343171
SHA256

3fa85f99a59babb348c7393e6e1fbe410daa82a76b2e6fb431a91d240675cab3
SHA512

ff49bc1b01db1e31e8e0d594b81b5d16211bd48e0115deecfb63441f579f045d36f54107b5e782871d5c8d38efa3be07969c5738244d474083ec734761de70f7
SSDEEP

3072:aORnt2PRnKyqyRiUHkZCmBDlOleUVYW3d9mnNWRc26wR3Ek76RGf:ayoTRfEZDDYlPVht4WSEyw2

Score

10^/10

rat ne formbook

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

ne

Decoy

scrabbedictionary.com

nona-kids.com

anthonyducapo.com

dzhyslsd.com

a87870.biz

sediradasi.com

generaccessoriesforsale.com

hara.ltd

munchygirls.com

tonyprecision.com

guoideals.com

alwadoodsuiting.com

localseojuice.com

codexphp.com

911front.com

abstracte-toni.com

impactofhome.com

rawhairebook.info

yturkturbanli.date

mycupofcozy.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3fa85f99a59babb348c7393e6e1fbe410daa82a76b2e6fb431a91d240675cab3

Files

JaffaCakes118_3fa85f99a59babb348c7393e6e1fbe410daa82a76b2e6fb431a91d240675cab3
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 163KB - Virtual size: 162KB

.text
Size: 163KB - Virtual size: 162KB