formbook | JaffaCakes118_a30497d19ee4ff9a13b3493c22b98bfc4ee82b9d0cfb25ecb252443fbf9dd7f6

General

Target

JaffaCakes118_a30497d19ee4ff9a13b3493c22b98bfc4ee82b9d0cfb25ecb252443fbf9dd7f6
Size

168KB
MD5

f5c94ba2e0e32dcf78de1fda413d4632
SHA1

b405f457d4242ce09a673f804c8ccd1a4ec3782b
SHA256

a30497d19ee4ff9a13b3493c22b98bfc4ee82b9d0cfb25ecb252443fbf9dd7f6
SHA512

7e1f0371434f0cc8c13d34d669c5be70ff2d315905fff00b30a581ccbcbc1880e086ba00ccfabc2b0df5a75e0524e7fe94be478a883efeb366af33a3e6539bb1
SSDEEP

3072:GWpooiPUuQ89lsCzGA/I4JfIz4X5TJrcZT+qUJ/8jq76q:cA8sIb/wzY5TJIZaVJ/n76

Score

10^/10

rat ml formbook

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

ml

Decoy

com-2way.com

thelawsecrets.com

n6126.com

bluefrog.site

livingmyhappylife.com

bitforexnews.com

panassocia.com

delideiro.com

macaronila.com

sensibleprojects.com

hanaropecha.com

legalactionsagainstpolice.com

14105edgewater.info

jahanclip.net

ejia.ltd

lojaopcao.com

uptoate.com

almvie.com

newstylebusiness.com

redcirefrigeracion.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_a30497d19ee4ff9a13b3493c22b98bfc4ee82b9d0cfb25ecb252443fbf9dd7f6

Files

JaffaCakes118_a30497d19ee4ff9a13b3493c22b98bfc4ee82b9d0cfb25ecb252443fbf9dd7f6
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 163KB - Virtual size: 163KB

.text
Size: 163KB - Virtual size: 163KB