formbook | JaffaCakes118_4c4b8aa35a649c0c20809a8425f118118b02d467de9e8b8e45255940b3811963

General

Target

JaffaCakes118_4c4b8aa35a649c0c20809a8425f118118b02d467de9e8b8e45255940b3811963
Size

188KB
MD5

6795dc3045ddb303d658a02a078eab43
SHA1

542366a4e977ef1946548a0e3c8f985df574fdd1
SHA256

4c4b8aa35a649c0c20809a8425f118118b02d467de9e8b8e45255940b3811963
SHA512

e4f71ff5c4009e121490ca7f1906ac8a65aa8680674d3086df5f7b1ead625a00432f9a7fa3f944c70c033124156b9932659a6ebf5f8ba5be77de8850ff248375
SSDEEP

3072:QTiAvkKFxWGO73jYWz88WRNWbUAq80cCO0xcNwXbupv42r4Qfm:I/MTjLzhWTWbUAq8ZCO0+NwXbZ2rPO

Score

10^/10

rat s18l formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s18l

Decoy

powertreesolutions.com

rayin.tech

latinapparelimportcompany.com

garagelens.com

repuestosdeocasion.com

snstechsolutions.com

patienbenefitassist.com

pure-poppers.com

drovemiss.com

blockexperts.xyz

woodlandpropertyinvestments.com

htv7uc.com

dnevnik.site

bimcellpk.com

angatbuhaylahat.net

moneydeviant.com

balanceforpaws.com

theopendaonftnyc.com

mader2022.net

by-shavee.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4c4b8aa35a649c0c20809a8425f118118b02d467de9e8b8e45255940b3811963

Files

JaffaCakes118_4c4b8aa35a649c0c20809a8425f118118b02d467de9e8b8e45255940b3811963
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB