formbook | JaffaCakes118_22c294ff939cef3ff8550fa2c4e9c11e29a0408923c8a8b5d2be164113083b34

General

Target

JaffaCakes118_22c294ff939cef3ff8550fa2c4e9c11e29a0408923c8a8b5d2be164113083b34
Size

188KB
MD5

90fcdf15b8d1f141d8f085d997c39ac2
SHA1

1987902558cebdc2b19ded4c7665f0b320ed8b09
SHA256

22c294ff939cef3ff8550fa2c4e9c11e29a0408923c8a8b5d2be164113083b34
SHA512

596afe96663adc663b6e340948ee7ce127626a37370b02591ba70369227d67dfe338d369a7bac0fce00a9e3368a8b0d8eb649adec5d75060ddbc241d337454e2
SSDEEP

3072:u3JENiyqqXCVl3oIpydChE6xjGLAVyRs5zrWFbU:vlEJooxS6xjGksKzrWFb

Score

10^/10

rat ld23 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ld23

Decoy

lms22j.com

es-autentificacion.com

lottoprevisioni.com

yvw3z.xyz

womenupclub.com

phoenixeducationcentreni.com

metaversegurme.com

candymediaaa.com

virginiafamilyhealth.com

scasus.com

wide-hub.com

176218.com

huayidg.com

ticknft.site

sulfaa.com

system42.info

naturalhigh.love

taoshouyouac.xyz

lacasadeifolli.com

kotan3.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_22c294ff939cef3ff8550fa2c4e9c11e29a0408923c8a8b5d2be164113083b34

Files

JaffaCakes118_22c294ff939cef3ff8550fa2c4e9c11e29a0408923c8a8b5d2be164113083b34
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB