formbook | JaffaCakes118_ca4cdfe29930db4863b2b59ba24caea0ce4ed86b9f9ef3bd8dd9149e92de0025

General

Target

JaffaCakes118_ca4cdfe29930db4863b2b59ba24caea0ce4ed86b9f9ef3bd8dd9149e92de0025
Size

184KB
MD5

59b0988c97e89c08794b50557abf74f6
SHA1

944e8ed30f00ad4902a7c549834e7acb17ccf1ba
SHA256

ca4cdfe29930db4863b2b59ba24caea0ce4ed86b9f9ef3bd8dd9149e92de0025
SHA512

835888b202700a6c639acfa147bb779be8e8e6920f043829170c61f38c7773be625adc142e8819851aa41142376d4ac90c7116a66dc3fce91ff537d7174db9a7
SSDEEP

3072:hU2XQegzNz7ZZJ6SZBm7FUTT5hLKc86+l56oLJCRbzmiPXjjg:8HZTZBmRyLKc86+r6oFZiPH

Score

10^/10

rat g0ib formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g0ib

Decoy

prospectminer.com

generatorrobux.com

cscec4bs.com

domain-here.com

estatson.com

albaiarq-logistics.com

jardindeldurazno.com

dirtsells.com

betterned.com

tdapshot.com

tecnobankhn.com

idconceptos.net

lilishenghuo.net

wewritechinese.com

clxkxmb.com

beautybychantol.com

lifeofaroma.com

nuclear-news.com

209-23-88-12.com

ralphlaurenmenshirts.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_ca4cdfe29930db4863b2b59ba24caea0ce4ed86b9f9ef3bd8dd9149e92de0025

Files

JaffaCakes118_ca4cdfe29930db4863b2b59ba24caea0ce4ed86b9f9ef3bd8dd9149e92de0025
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 177KB

.text
Size: 177KB - Virtual size: 177KB