formbook | JaffaCakes118_9d2f80538cd185dd43f37c71c2b811ffd88c246e98214e26d4e74af2ac065350

General

Target

JaffaCakes118_9d2f80538cd185dd43f37c71c2b811ffd88c246e98214e26d4e74af2ac065350
Size

188KB
MD5

0ebef8b573172986b2b427bc3caae104
SHA1

5d8f1992855a4f347f10a147b35d65079aa1faf4
SHA256

9d2f80538cd185dd43f37c71c2b811ffd88c246e98214e26d4e74af2ac065350
SHA512

31dad92e616bb4a05c91c76acddb52c1360e383dae5e2f8640e01d927587e2b54ba7cce18125a77baae066449d9404cd2880fd54f88faf95db3085d475b7f2c9
SSDEEP

3072:INadKkfLM4FyGg3gP9k52KAhtplCvE7BfWqGqho2GpPnkOp:fJugFjKAhtpIsVfTIfRp

Score

10^/10

rat s31d formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s31d

Decoy

paginafotografia.site

smartwriting.coach

thisisjsutforfun1263.online

prodsc.net

solarchargestop.com

9bulls-roi.com

youxikuw.site

mrshutki.com

rocksprings3development.com

enterpriseturkey.com

onlinehospitaltr.com

mybookie.codes

mytinystyle.com

ysrjqbd.com

socialmediaawarenessmonth.com

funkyblaster.com

stewartlin.online

k-design-w.com

qdoxx.online

kruuxt.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_9d2f80538cd185dd43f37c71c2b811ffd88c246e98214e26d4e74af2ac065350

Files

JaffaCakes118_9d2f80538cd185dd43f37c71c2b811ffd88c246e98214e26d4e74af2ac065350
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB