formbook | JaffaCakes118_177b1123a0791dfa17663663523a5d344521fbf25b837a0e0e26dbb04c015c7c

General

Target

JaffaCakes118_177b1123a0791dfa17663663523a5d344521fbf25b837a0e0e26dbb04c015c7c
Size

188KB
MD5

89f04375f6bdfa3771d7bb470b9284b2
SHA1

dacf2d4d8b5bb69c60111b1e925842da0d68a494
SHA256

177b1123a0791dfa17663663523a5d344521fbf25b837a0e0e26dbb04c015c7c
SHA512

f4817bf903c968f50e7c082626d50b65e86b3e0c20eba5ff3f526808fcd48a63a4bc1bcf4933f72b53cceee092e68d793d95f818d8f40e9e0ddd84d1ec156897
SSDEEP

3072:HWpOk0iSpfAwf3ReYdGrsal+doAf3Uua1Y6q2cYFZ6/3:0WfRTdGgal+doAf3U1vvk

Score

10^/10

rat g25e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g25e

Decoy

2491254125.xyz

hookd.gay

uxmelange.com

startupvision3.com

evanwoosley-reed.com

uspalupdser.info

lx0599.com

grupoiaez.com

londonpapershop.com

cremas.store

risespec.com

olivierverdoyant.com

creatednow.com

epicureanhometreats.com

iqijp.com

vcraftboutique.com

furnaristudios.com

dealsgolf.com

djwoojs.com

boatslave.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_177b1123a0791dfa17663663523a5d344521fbf25b837a0e0e26dbb04c015c7c

Files

JaffaCakes118_177b1123a0791dfa17663663523a5d344521fbf25b837a0e0e26dbb04c015c7c
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB