formbook | JaffaCakes118_5732142b270b7c276642bed5cba28bb9de0a2e0756214f929b6f2346137b0366

General

Target

JaffaCakes118_5732142b270b7c276642bed5cba28bb9de0a2e0756214f929b6f2346137b0366
Size

188KB
MD5

774883d026e7fa493a09e40acbd85c35
SHA1

8d6c9b0f7ad2fa5032b9efc1d4821c11161da651
SHA256

5732142b270b7c276642bed5cba28bb9de0a2e0756214f929b6f2346137b0366
SHA512

1e27b646cc68eeceae683e05fa844e63496b21a201cac4179abaa7cc3b7c13b72f358d3b3d0e9bc503e8ff886fa8273e690d9bc55b9fb52bc33ce56b9bce14c7
SSDEEP

3072:NMaGEUJZH8r63mxIXzrDFC4Ai6TedKUY9xZbP30hMXTm+bM:WI8majrDo4A3TeErr30hwa

Score

10^/10

rat o27j formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o27j

Decoy

jimchim.club

aerovistasllc.com

gpdy5-zxs4j-8-ee.xyz

ilzro.tech

tesringnyc.com

dubulk.com

humiservice.com

torrentpa.com

kiralikbahisayfalari.com

tokoporn.xyz

pihgos.xyz

ultimateguirtar.com

awanpetir.com

mywafflehelps.com

synergy.cfd

spatialdraftingsolutions.com

psmf.xyz

jazzontime.com

blns-law.com

more2moors.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5732142b270b7c276642bed5cba28bb9de0a2e0756214f929b6f2346137b0366

Files

JaffaCakes118_5732142b270b7c276642bed5cba28bb9de0a2e0756214f929b6f2346137b0366
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB