formbook | JaffaCakes118_e14e45b78e78a58812378c62286ac69a672e1e9eed9ff07820ddc93ca49c4db4

General

Target

JaffaCakes118_e14e45b78e78a58812378c62286ac69a672e1e9eed9ff07820ddc93ca49c4db4
Size

188KB
MD5

94c10fbb78fcd7ee33a0df71b15cd6f0
SHA1

beb24922c686adf4fd9e48a19f00acdd5ead0574
SHA256

e14e45b78e78a58812378c62286ac69a672e1e9eed9ff07820ddc93ca49c4db4
SHA512

74cca3a1057b329c28b49fbaa701ef8dc1daa86a134d3216064770f3ff8179f398e052aff1f2b15b5120b681b4da13e7fe0a8d34eb1f4c1a38f4d9d7511c83a1
SSDEEP

3072:TBoBkCDa6vrY37S2+lIE/6IyyEIKylgL3V8/Iie:sjW7Bc/6IyyDPgL3mwi

Score

10^/10

rat o0i7 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o0i7

Decoy

belleeffectivescore.com

llptys.com

osqua.xyz

happychicken.xyz

premiodasorte.com

ifozaks.cfd

indishjo.com

sarahtskinner.com

coquillon.com

mibesto803.com

usedselfdriving-car.com

findbusroutes.com

mtlcash.com

yy1j8jc.cfd

letsing2022.com

glideun.com

logansquaress22-23.com

amblermail140.xyz

leernota.com

twwq3hm.cfd

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e14e45b78e78a58812378c62286ac69a672e1e9eed9ff07820ddc93ca49c4db4

Files

JaffaCakes118_e14e45b78e78a58812378c62286ac69a672e1e9eed9ff07820ddc93ca49c4db4
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB