formbook | JaffaCakes118_ee5afb1147c55bf84fc7fcd410e3fd8eef578f8472d72b66021c0244d4745fff

General

Target

JaffaCakes118_ee5afb1147c55bf84fc7fcd410e3fd8eef578f8472d72b66021c0244d4745fff
Size

188KB
MD5

7e516d8f78fed76e1711ccd84b47c819
SHA1

c75ec0ce79a4795b84d3b7f9f225f94b30ae8a5f
SHA256

ee5afb1147c55bf84fc7fcd410e3fd8eef578f8472d72b66021c0244d4745fff
SHA512

f7f63f799a3c8b62b0a07a05fc791fb658910223dfb5218ee7fd2c549500f101c72a9a2435458dc82fdf6fbc1fa0553d857bc836e30753f4cb32679ebe5f2857
SSDEEP

3072:67MUOEjO6iALrS3Uw18OKnI8s62J7+6mqfdnG+n4ut7xE8Zk6k:1U7BEUgdKnI8d29+uxGoH

Score

10^/10

rat s3s3 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s3s3

Decoy

tvielotus.com

teesta.xyz

talentrecruitor.com

pamaungipb.com

xn--90ahkh6a6b8b.site

910carolina.com

toyotaecoyouth-dev.com

invetnables.com

gdexc.com

ssw168.com

householdmould.com

mqttradar.xyz

t333c.com

thepausestudio.com

evershedsutherlands.com

asbdataplus.com

preddylilthingz.com

jepwu.com

tvlido.com

artovus.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_ee5afb1147c55bf84fc7fcd410e3fd8eef578f8472d72b66021c0244d4745fff

Files

JaffaCakes118_ee5afb1147c55bf84fc7fcd410e3fd8eef578f8472d72b66021c0244d4745fff
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB