formbook | JaffaCakes118_b377748157f830ac5592cf0ee7f047e907c509fd72a01631fbf0ac421d4763a7

General

Target

JaffaCakes118_b377748157f830ac5592cf0ee7f047e907c509fd72a01631fbf0ac421d4763a7
Size

188KB
MD5

7f580a501360f1b9fd07610ad9298216
SHA1

6ec6b95acef2f329e5ff6252cedd3aafd5940964
SHA256

b377748157f830ac5592cf0ee7f047e907c509fd72a01631fbf0ac421d4763a7
SHA512

0e66a10a414d29237e8ceea4c8b9dbbab319d0d44f1b45de653f9fad5390b2befc8597dbcbac5d2214d25c881ae8eeeff4015fcd81fbb3735c249c2f0cae8bb6
SSDEEP

3072:w6LQnkvPuDwdNt3lmWiC96MFIbFteJKa1Ex3pHOhOQ7M:3Rhltp6MFII1e3tOx

Score

10^/10

rat sh30 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sh30

Decoy

raptorwin.com

mmwavesolved.com

coachingwithcc.com

ssvminc.com

celdegobierno.info

wpaci.com

denison.top

fdsff.com

kelsapur.com

pontodeacucar.com

tgbamg.com

hkserver.xyz

muscatrfc.com

gylslgzn.com

roses-rouges.com

stanleymediaproductions.com

mintplatform.store

mentalallyhealth.com

lezfilm.com

lucarbo.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_b377748157f830ac5592cf0ee7f047e907c509fd72a01631fbf0ac421d4763a7

Files

JaffaCakes118_b377748157f830ac5592cf0ee7f047e907c509fd72a01631fbf0ac421d4763a7
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB