formbook | JaffaCakes118_5f2520e604b55ea107f6b134e288755b7b85b690284345b8e08227e3d41a4de8

General

Target

JaffaCakes118_5f2520e604b55ea107f6b134e288755b7b85b690284345b8e08227e3d41a4de8
Size

179KB
MD5

716e76a4b87f194c525bc2264a86201a
SHA1

4e93a4e387c691beee5153b4343534254aad7a8b
SHA256

5f2520e604b55ea107f6b134e288755b7b85b690284345b8e08227e3d41a4de8
SHA512

487732c43072442eaa9d7e7fb6fa149542e8419ced43a43e93513b42966a093de965775520543e0b52392d15f0e28cdee0d8c7129b957ed1d0039af0d7c35876
SSDEEP

3072:GVwYDs6bS+UUuNQ39Gvgrx1oGHc3P2BImBwT1HvQfwjHQOc2EfAtC9CgEHBrlo:GVwwT6DyIGDoG8ErBwT1HZDQB2EfSbHw

Score

10^/10

rat rs26 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rs26

Decoy

amazon-review.info

17kaihuiba.com

timeableholdings.com

techvestorsmultifamily.com

rokketsoftware.com

abbigliamentoagricolo.com

artjiayi.com

smooouse.com

lightcastwired.com

bravuad.com

mr133.com

clubfitdartmouth.com

masturbation-stories.net

yedekparcatreni.com

pureologyrising.com

goodsystem2updating.download

fn4pk8p0o5.com

climatechangersofny.com

shuangxian023.com

lxiuot.men

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5f2520e604b55ea107f6b134e288755b7b85b690284345b8e08227e3d41a4de8

Files

JaffaCakes118_5f2520e604b55ea107f6b134e288755b7b85b690284345b8e08227e3d41a4de8
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 174KB - Virtual size: 174KB

.text
Size: 174KB - Virtual size: 174KB