formbook | JaffaCakes118_603db960297752366f25c500d4d43b425341864f49fcdac20768a4cbbc53df26

General

Target

JaffaCakes118_603db960297752366f25c500d4d43b425341864f49fcdac20768a4cbbc53df26
Size

182KB
MD5

43e3a8b914387e3c5ef5d4f25c038ba0
SHA1

e8a26772cd08a8d6bec57b49cdb4f9fc9e5db51a
SHA256

603db960297752366f25c500d4d43b425341864f49fcdac20768a4cbbc53df26
SHA512

1e2814bf8e17fbbd0508ab3405ad1a068f102461963d2a43fbfb2c4c6054b72e580eef1c19e7d350f1945a9d14d25a53b08a173960d8291bb910081b7098fe0b
SSDEEP

3072:O/20g2x7EunTummbWHzk6K4X6bgyGr9v5Y03mWQFr6b7DejZ5U6c:qBhKmmKw6bX6bghrfe/Foy9q9

Score

10^/10

rat ot8m formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ot8m

Decoy

digiclan.net

songlautramtuoii.online

miracleseedproducts.com

taniacastillo.com

essentialme.network

charmcitydetour.com

suprekopis.com

jimmycollier.com

thrifteee.com

rhmachinery.ltd

the05project.com

altfacebookalt.com

ein-herz-fuer-holz.com

kingohost.com

vmarines.com

2bestudio.com

triducdv.com

kp-transport.com

mybostonhwart.com

benzcat.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_603db960297752366f25c500d4d43b425341864f49fcdac20768a4cbbc53df26

Files

JaffaCakes118_603db960297752366f25c500d4d43b425341864f49fcdac20768a4cbbc53df26
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 177KB

.text
Size: 177KB - Virtual size: 177KB