formbook | JaffaCakes118_1f44625214b3e7a1e23c67011c10b59e4d4bf89672740714ec626be1fac33b99

General

Target

JaffaCakes118_1f44625214b3e7a1e23c67011c10b59e4d4bf89672740714ec626be1fac33b99
Size

188KB
MD5

74329dc56cba5090af93332533f49e83
SHA1

c57a5b0299df3185afe190126d59a6acc35329a3
SHA256

1f44625214b3e7a1e23c67011c10b59e4d4bf89672740714ec626be1fac33b99
SHA512

6ba0d7087bd39c53e61dfe2756909948b2eed81a08964b0568c479348349617bd8aee5baac14a7ac36629f8ef522454c4ff4093e361f0bcd3c01c5a8d7a6e2b2
SSDEEP

3072:G2OKkIPYrJBXQ3sZnw0GMO3aPJYSOAdjALV0k7Yz96UFkTnEa:JPyeshwf13aPJYSbdjAZ0z93FME

Score

10^/10

rat q2e2 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

q2e2

Decoy

windsortrad.com

sesiosam.com

moonriiver.network

trcmining.net

qidumeiyu.com

seesouthernafrica.com

executivefunctioningmaine.com

relaxtantrico.com

analaskanoasis.com

livesystemperu.com

taxisaigon.one

toodobem.com

dustinmasoncpa.com

o0timum.net

yaauby.com

newarkdeautoservices.com

almatjari.com

smarttech2.com

fuud.place

blocky-inu.space

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_1f44625214b3e7a1e23c67011c10b59e4d4bf89672740714ec626be1fac33b99

Files

JaffaCakes118_1f44625214b3e7a1e23c67011c10b59e4d4bf89672740714ec626be1fac33b99
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB