formbook | JaffaCakes118_6c9fe67ffdcf7144942b690f68581480c5900aa31d9b3a9737de1d2798d7a7c5

General

Target

JaffaCakes118_6c9fe67ffdcf7144942b690f68581480c5900aa31d9b3a9737de1d2798d7a7c5
Size

188KB
MD5

f8777e79a04ea9b7ea83f91834e50adb
SHA1

6a95626d59d7f8d7e15f403e2f5266599b7ad410
SHA256

6c9fe67ffdcf7144942b690f68581480c5900aa31d9b3a9737de1d2798d7a7c5
SHA512

3f1845acbba48f45302e936902fcef7d06501440734f23a3bfbd681a6dbe799cf3d62f079fd94bca5848aa85f7268d5683730d647ffd1888c830e4cfe7014c03
SSDEEP

3072:BvPjk1/Fjdtnu36/73/uZ+Cua5RIj8jtmighlp20aWe6jYwDkmrBNZ:m9I6D3/uZFua5RIMg409e6jr7

Score

10^/10

rat yl32 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

yl32

Decoy

thesugargoddess.com

proyectostalentomx.com

kusinafilipinofood.com

comptoncarolinarealty.com

joyme.site

bjtxw.net

tidz2yvjw7b2ki.com

kfrodontologia.com

altbash.tech

subwaysurfersplay.com

mysexylips.com

martenoficial.com

nemzianu.website

www33110003.com

kimmyscheesecakes.com

wlsjkj.com

vacationning.com

2022yjgs.com

lethisuong.xyz

inthelane.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6c9fe67ffdcf7144942b690f68581480c5900aa31d9b3a9737de1d2798d7a7c5

Files

JaffaCakes118_6c9fe67ffdcf7144942b690f68581480c5900aa31d9b3a9737de1d2798d7a7c5
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB