formbook | JaffaCakes118_5184a27267c6606cf903b25197a4bca3c20d0236fa1bd8b5e13501b0defba04d

General

Target

JaffaCakes118_5184a27267c6606cf903b25197a4bca3c20d0236fa1bd8b5e13501b0defba04d
Size

188KB
MD5

2a75024593947323ab4a0b0635e6dd53
SHA1

00f72ffc06619895ca1e88f1b1a126387a01e7da
SHA256

5184a27267c6606cf903b25197a4bca3c20d0236fa1bd8b5e13501b0defba04d
SHA512

d3a2b1970479fb303e7b3c41beffc33c89456fa2e6323904ded5395c099cbc12a5f3f5084394fad018780353a42f888f4587b4e2827fdba2819413bb530f25d6
SSDEEP

3072:/x09AE2YDwEOHm3UZLjGNh5B5J7B2Bvnd/GS9J:g0Y2QURjU5B5J7B2veQ

Score

10^/10

rat w26e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

w26e

Decoy

alexispageart.com

69253.win

luckytimelondon.com

289788.icu

houserepairservice.com

z-i-z.com

onlinediyetsitem.com

birkinmetaverse.com

unual.com

doorbundle.com

unplugpropertymanagement.com

go-fastcargo.com

therestore.agency

rubyyyjones.com

bavtin.xyz

jktwatchweek.com

atendimento-app.cloud

inavi.xyz

topinsurancesecrets.com

webgplsolucoes.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5184a27267c6606cf903b25197a4bca3c20d0236fa1bd8b5e13501b0defba04d

Files

JaffaCakes118_5184a27267c6606cf903b25197a4bca3c20d0236fa1bd8b5e13501b0defba04d
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB