formbook | JaffaCakes118_df8ee1ee7fffd131ae6923f3b83ab27c98b91b7fbd5896d8f98491cada9153e9

General

Target

JaffaCakes118_df8ee1ee7fffd131ae6923f3b83ab27c98b91b7fbd5896d8f98491cada9153e9
Size

184KB
MD5

21ac4364163b792e5a10b788b390f2cb
SHA1

28b915b18677031ea463a03e7f0e44b4cf17430f
SHA256

df8ee1ee7fffd131ae6923f3b83ab27c98b91b7fbd5896d8f98491cada9153e9
SHA512

dea00f818a107147c9e16204f374b2656e0c99caae7262ac981b38a9288237d49be3a7e4e263d1c68bcab0fbf963131982561f1cf4b1e1363ced228f4b044d31
SSDEEP

3072:dqY2OZ2ZJcvzzzwE1b8OOeD7fxj7QPvcrhHR8/uR2n:/2y8Ex3O27fxj7QPkrhRouon

Score

10^/10

rat odse formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

odse

Decoy

braedlifestyle.com

morganjohnsondesign.online

surup-v48.club

diypoolpaint.sydney

v-b7026-ghhh.space

vetyvar.com

lollydaisy.com

campsitesurvival.com

autocalibre.com

fusiontech3d.com

xn--udkog0cvez259c82sa.xyz

eccentricartist.com

jc-zg.com

wacwin.com

livehealthychoice.com

visijuara.com

phigsa.com

sabayawork.com

afcerd.com

joeyshousesessions.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_df8ee1ee7fffd131ae6923f3b83ab27c98b91b7fbd5896d8f98491cada9153e9

Files

JaffaCakes118_df8ee1ee7fffd131ae6923f3b83ab27c98b91b7fbd5896d8f98491cada9153e9
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 177KB

.text
Size: 177KB - Virtual size: 177KB