formbook | JaffaCakes118_7cb212df218e8bbb5b7091097eb56fcfdd785267d31b2ae52f7cb3928bea3ced

General

Target

JaffaCakes118_7cb212df218e8bbb5b7091097eb56fcfdd785267d31b2ae52f7cb3928bea3ced
Size

188KB
MD5

80cabcf72c2911635622df85777a2174
SHA1

86fdcf03deb6da351e3f0f34b3606fa99584fa67
SHA256

7cb212df218e8bbb5b7091097eb56fcfdd785267d31b2ae52f7cb3928bea3ced
SHA512

1db521de17f63893caaf879191ce6b66dec587a18fd2990011158c736d0edab97b4b31de932bf9c919b9e82274490eae974fb8a113303f63422cab9510b596cf
SSDEEP

3072:iFTEbDt1GD833RHrypD9a5X4raIQW1tvevAfktBo6XA2lpEEYAlsvHKO:NOy3NrypRah4raWjwmw9lMXq

Score

10^/10

rat s16r formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s16r

Decoy

kellieroysellsnc.com

valleylowvoltage.com

mltuo900.xyz

visitingpuntacana.com

weiwushi.com

austintechjob.com

rxstarcbd.com

shopstudioesi.com

filetto-server.xyz

relianceltdbnk.com

unethical.world

yedd.store

esthershhs.com

magaddis.com

scenicdrivetours.com

123gest.com

2020mortagelifeinsurance.com

faceinle.com

integritymarking.com

alfatoto.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7cb212df218e8bbb5b7091097eb56fcfdd785267d31b2ae52f7cb3928bea3ced

Files

JaffaCakes118_7cb212df218e8bbb5b7091097eb56fcfdd785267d31b2ae52f7cb3928bea3ced
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB