formbook | JaffaCakes118_e71e37969d38bbf562268dc0846b8f0e7486d9c1157737e92b99c73597f2a188

General

Target

JaffaCakes118_e71e37969d38bbf562268dc0846b8f0e7486d9c1157737e92b99c73597f2a188
Size

188KB
MD5

d3c0b46d5ae979d092d79267c39324c1
SHA1

2fa1a9a341e4f8b4e7d5e971eafc3a9eaace13ed
SHA256

e71e37969d38bbf562268dc0846b8f0e7486d9c1157737e92b99c73597f2a188
SHA512

75f1c6855938766758e15231d6f1165c00289e299dd71c555edd68de621ee607f5d842625e100f51234eefe487703eb028cff3cd3c7086edc32a809b888402fe
SSDEEP

3072:kH8EkNRO0/+L5G3rPNqmrXKFdtHk79ihVGARPhfq6f0:xRqwrFqQXKFdtsgRRPNq

Score

10^/10

rat b6nt formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b6nt

Decoy

mecchashonan.com

zzzu9.com

molliebellezza.com

ado-response.com

gurutech.design

gadgetavenuebb.com

ecomoscar.tech

makai-import.com

selotwinmax.xyz

kaihong08.com

biocyberlaw.com

crowdedhr.com

viagradb.online

mtbind.com

zcyq.life

mvideo.contact

brilliantconveyancing.store

onlythexclusive.com

metaverseintegrators.com

xn--ekakb-3x9h.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e71e37969d38bbf562268dc0846b8f0e7486d9c1157737e92b99c73597f2a188

Files

JaffaCakes118_e71e37969d38bbf562268dc0846b8f0e7486d9c1157737e92b99c73597f2a188
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB