formbook | JaffaCakes118_c0ed3b834f37b3354b795a2b74ab2f88ba261a8003b71e9930dea98c17ea6548

General

Target

JaffaCakes118_c0ed3b834f37b3354b795a2b74ab2f88ba261a8003b71e9930dea98c17ea6548
Size

126KB
MD5

12f7f2bfafb99d0ae771f9f7f96e583e
SHA1

46e36067160056a88b6b77d69c2a0bd84f64f881
SHA256

c0ed3b834f37b3354b795a2b74ab2f88ba261a8003b71e9930dea98c17ea6548
SHA512

0ea76ad83d73dd6423277dda80ed00ebbcb97a5b9034a566704b479d5f1fffedfcf08e9344bcf125c27864f5b4d2f3025999626b29bee7b02132b6409fabc44d
SSDEEP

1536:Q05trhPvxKhfwRgqdzECwEl550lDBPc3fqwstMC+PFCsfgE+WN7hZ9grQHdaE1Og:fLrhPA67XwxOOMPPd7pgwTbHgGmtt0T

Score

10^/10

rat pjt2 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pjt2

Decoy

bankruptcyhelpflorida.com

yourpropertymanager.info

inevitablebites.com

liviabelezaa.com

bartonhuxley.com

headhuntersmc.com

karoshejeans.com

trevorrentals.com

overseas-assets.com

zpchanglong.com

bconomic.com

devilishweb.com

eagleusacoffee.com

thirdpartyinc.com

newyorktowservice.com

barbrs.info

digiceuticalindia.com

ftytqwfl.icu

cabinetinfirmiergomes.com

waystoconserveelectricity.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/dump.bin	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dump.bin

Files

JaffaCakes118_c0ed3b834f37b3354b795a2b74ab2f88ba261a8003b71e9930dea98c17ea6548
.rar
dump.bin
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 177KB

.text
Size: 177KB - Virtual size: 177KB