formbook | JaffaCakes118_7ec293a25325d2e76ac5736b2f36f0c4ab374b6e1bedbb1f8070c12ef2ca26a7

General

Target

JaffaCakes118_7ec293a25325d2e76ac5736b2f36f0c4ab374b6e1bedbb1f8070c12ef2ca26a7
Size

188KB
MD5

51220550e326ccbf641d659ede574cc8
SHA1

a4a3262b6943a79fab6c49102df1250f5508ff80
SHA256

7ec293a25325d2e76ac5736b2f36f0c4ab374b6e1bedbb1f8070c12ef2ca26a7
SHA512

0b4eb43822ccb14d83f3d1d2e3fcf322abf3dc8c96331a86a16ccf72be46479a34743f4054826efbfefca2f39bd0f9f0b2923cab1f2034e119ff8feee27773f3
SSDEEP

3072:8ecCEZTLw9es43cCNvP6qZmqZ53jbomqkdMbvZIyp1g:2G2cm36qZmqHAmqgqIy

Score

10^/10

rat e0i2 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e0i2

Decoy

beneficity.net

what2find.com

moongeeu.com

lablacktheatrefestival.com

gigugi.com

imjck.icu

helloi.xyz

sensationsanduncommonsense.xyz

ecorenorth.com

tscqxc.com

107ul.com

moonbircoins.com

patigop.xyz

shangmo.net

wecampfolk.com

qqssccrr.com

lojatechpartsonline.site

tkrlogisticsllc.com

luciena.com

if0v.club

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7ec293a25325d2e76ac5736b2f36f0c4ab374b6e1bedbb1f8070c12ef2ca26a7

Files

JaffaCakes118_7ec293a25325d2e76ac5736b2f36f0c4ab374b6e1bedbb1f8070c12ef2ca26a7
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB