formbook | JaffaCakes118_ba925ecf8f63d0d88a9b22b4c23f41863558ab6a775c419508dc178d41f15581

General

Target

JaffaCakes118_ba925ecf8f63d0d88a9b22b4c23f41863558ab6a775c419508dc178d41f15581
Size

140KB
MD5

ac88a90847f1a519b2fb5bd8ec69477e
SHA1

17d1b2bc41291cb49a5670dd0dd54ee1fefbd832
SHA256

ba925ecf8f63d0d88a9b22b4c23f41863558ab6a775c419508dc178d41f15581
SHA512

af9650c3a2bfe1acc98fd83142dd86fc2906a6d88ff6619756a13ef4f7d01d91c94e039d2cea018fa7718b69af27188e2e1339337ffb060fe3d80894b3204a59
SSDEEP

3072:+pU9ScmgTm2ZyrB16ck4o79XGUC/rTlDtawdXw31QZ86XYg:+paEgTzYrBDBM9XGvTTlDtaiw31Q/7

Score

10^/10

rat t39h formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t39h

Decoy

a101im2.com

nowherehome.city

shanglinrunair.com

yingyandiaocha88.com

ke77fu.top

vnitrni-bezpecnost.pro

feednigerianow.tech

788851.xyz

tristarnetwork.com

slsbuildingproducts.co.uk

stop-dog-diarrhea.site

place-dessert.store

tppstore.xyz

inapr.com

girlsmaza.com

mjbplumbers.co.uk

usmanagementcorp.com

any-markets.pro

vaynhanh.tech

4aged.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/fdee49da020d3af0cc598fab485bfecb1ccf1222b3ce93f10f4af64df74306ab	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fdee49da020d3af0cc598fab485bfecb1ccf1222b3ce93f10f4af64df74306ab

Files

JaffaCakes118_ba925ecf8f63d0d88a9b22b4c23f41863558ab6a775c419508dc178d41f15581
.zip

Password: infected
fdee49da020d3af0cc598fab485bfecb1ccf1222b3ce93f10f4af64df74306ab
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB