formbook | JaffaCakes118_7d0f7eb573c1855c86f1b2e194f87c3e63ffa0ed600b4ce81376779e9a62f444

General

Target

JaffaCakes118_7d0f7eb573c1855c86f1b2e194f87c3e63ffa0ed600b4ce81376779e9a62f444
Size

184KB
MD5

103d8e6d5b636649659f0bfdd03f086b
SHA1

80434babd8839bf7414016b5c60e97fb16c81156
SHA256

7d0f7eb573c1855c86f1b2e194f87c3e63ffa0ed600b4ce81376779e9a62f444
SHA512

2cc8eae4c9a6cb9ea9de4bdbdf4e288c3e482313638ddd46dd583a690de2c01d9b6b63fec7aed530b1681b8097597a45f95da8aec403ac885ae8b12ad468edf8
SSDEEP

3072:dqY2OZ2ZJcvzzzwE1b8OOeD7fxj7QPvjrhHR8/uR2n:/2y8Ex3O27fxj7QPLrhRouon

Score

10^/10

rat odse formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

odse

Decoy

braedlifestyle.com

morganjohnsondesign.online

surup-v48.club

diypoolpaint.sydney

v-b7026-ghhh.space

vetyvar.com

lollydaisy.com

campsitesurvival.com

autocalibre.com

fusiontech3d.com

xn--udkog0cvez259c82sa.xyz

eccentricartist.com

jc-zg.com

wacwin.com

livehealthychoice.com

visijuara.com

phigsa.com

sabayawork.com

afcerd.com

joeyshousesessions.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7d0f7eb573c1855c86f1b2e194f87c3e63ffa0ed600b4ce81376779e9a62f444

Files

JaffaCakes118_7d0f7eb573c1855c86f1b2e194f87c3e63ffa0ed600b4ce81376779e9a62f444
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 177KB

.text
Size: 177KB - Virtual size: 177KB