formbook | JaffaCakes118_50dcadbe8c9b041fd0b2184fa131b09c1067b10920352996d18629410d366b5f

General

Target

JaffaCakes118_50dcadbe8c9b041fd0b2184fa131b09c1067b10920352996d18629410d366b5f
Size

126KB
MD5

a467b86d264bbb25b65f493601d88516
SHA1

912a0ccdacbcffad6e9f4566d0e8af0655a5aaa7
SHA256

50dcadbe8c9b041fd0b2184fa131b09c1067b10920352996d18629410d366b5f
SHA512

023ae817a46751f97bd7c1b9b23ce53bea9d0af2e57bae70f38870cc0d2225347728549f7f1253a38660e72c3b1d5350b32a8bfd5e3daf51547359ac9e11fbe7
SSDEEP

3072:iVn4kCQF3zOYMEcIei+hvb/yBgnVaD/rOzCu4o:iHXOYMEcBhvb/+gnVaD/rho

Score

10^/10

rat cb3b formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cb3b

Decoy

lghglzcnkx.net

bellezaperfecta.company

thelisaiboldteam.com

newzdoozy.com

prospectsolucoes.com

altmartshop.com

webbresults.com

abnehmen-erfolgreich.net

tammygauthier.com

nelly-pasquier.com

footballrevolutionbyluna.com

primeassociatesca.com

lxzhub.net

jhaalz.com

fribetong.com

realkings.net

kamalameats.com

tyuyou.net

katiecorcoran.net

rigatoniscc.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/dump.exe	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dump.exe

Files

JaffaCakes118_50dcadbe8c9b041fd0b2184fa131b09c1067b10920352996d18629410d366b5f
.rar
dump.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 176KB

.text
Size: 177KB - Virtual size: 176KB