formbook | JaffaCakes118_4f2696e1f2d66f23785045b104f711452150f15ad5bfa08c723eef07b5ab261f

General

Target

JaffaCakes118_4f2696e1f2d66f23785045b104f711452150f15ad5bfa08c723eef07b5ab261f
Size

188KB
MD5

0f745f78ac77ab6c29d09cd3fd906a77
SHA1

3443ce39134e676db77c8535b2ef852e32c70a15
SHA256

4f2696e1f2d66f23785045b104f711452150f15ad5bfa08c723eef07b5ab261f
SHA512

b82f8052b29567ba4feecc1b257e19d2ef50aa77515067e738aafc91dd8f0a38c45e4fa67cc5a580d6045f85c8e86f916ce2c1329ee39f2965337729e2f206df
SSDEEP

3072:Q1gjkLJ9gu95Khn3smAhZww6wMJYBdhxvKcrISkOsJUE8:E9gP3svh2w6wMJYDIDOid

Score

10^/10

rat as31 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

as31

Decoy

satunusanet.com

intro3.xyz

000point.xyz

woreruq.xyz

yoursinglesnetwork.club

zdcqne.cfd

kkbtt.net

aflm1.com

slayback.net

metaverseuropeen.com

teng74.com

insgoat.com

willowgrovecoaching.com

pacwest.com.co

adleadz.info

ericanilsen.com

xdfgoiumk.site

oriondistribution.net

welltempered.xyz

futamatagawa-ekimae-shika.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4f2696e1f2d66f23785045b104f711452150f15ad5bfa08c723eef07b5ab261f

Files

JaffaCakes118_4f2696e1f2d66f23785045b104f711452150f15ad5bfa08c723eef07b5ab261f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB