formbook | JaffaCakes118_0c4866661f649bf726bfb4b26d5e7973de779e8239a54d68349b46fc65d9312c

General

Target

JaffaCakes118_0c4866661f649bf726bfb4b26d5e7973de779e8239a54d68349b46fc65d9312c
Size

188KB
MD5

b54c89876e3d911bc18ca07dca56e92b
SHA1

814d5988ee949e14743d2374e0f4a19113f3e548
SHA256

0c4866661f649bf726bfb4b26d5e7973de779e8239a54d68349b46fc65d9312c
SHA512

27b0a022b148ba166b1d768b875353337eb79fb3da0debf7ff7d93ab2d884a0f6d72ad4f4b488f46ecb5b4d28841b7f9f602fb6ff97a66576b2f507911c668d3
SSDEEP

3072:Jz8tkk1Rp7xtQPfc3tBPLrvhKbJP+a6v6rTDA89C5NAEdiji:KDIStZXpKbJP7tDAQGxiji

Score

10^/10

rat s4s9 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s4s9

Decoy

qianyuandianshang.com

bernardklein.com

slhomeservices.com

findasaas.com

janellelancaster.xyz

umkpro.site

nr6949.online

mersquare.club

lanariproperties.com

3rdeyefocused.com

giftexpress8260.xyz

hilleleven.xyz

beajod.com

kosazs.online

ishare.team

mb314.com

xjjinxingda.com

ayekooprojectamazing.com

ballsybanter.com

todayshoppingbd.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0c4866661f649bf726bfb4b26d5e7973de779e8239a54d68349b46fc65d9312c

Files

JaffaCakes118_0c4866661f649bf726bfb4b26d5e7973de779e8239a54d68349b46fc65d9312c
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB