formbook | JaffaCakes118_0bcf803d59d399a5521060a85c5cc12a67ecf95b7cf319c582765d95aebfd668

General

Target

JaffaCakes118_0bcf803d59d399a5521060a85c5cc12a67ecf95b7cf319c582765d95aebfd668
Size

188KB
MD5

383b74e4f4987a89035af7cc7967fbb2
SHA1

f242f5baa4df87b8830ba599cd5fa05af2a30ff9
SHA256

0bcf803d59d399a5521060a85c5cc12a67ecf95b7cf319c582765d95aebfd668
SHA512

51afaf8c811a9d4d3d1a0d6a55230f3053b0b49b41671136883f25bf890f6070336ac1be93e7c8859c8e882f6a6fc32e46973ca45c7363fa969e22a31b88d6ee
SSDEEP

3072:/SypHk5pb+Bxyi3TRgYSAi+v6FBGVwrJrHNtaMSXfI9BJCchF:szUTWYHJv6FBGVwrJjQIjg

Score

10^/10

rat c7k0 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c7k0

Decoy

farmerbaazaar.com

renshouchina.com

xn--es-mja.com

qiannianyi.com

edwardsvilleitsolutions.com

xu6hmbv3cbxu.xyz

unicreditbanca.center

showmefoam.net

money-guardman.com

accra.media

pizzeria-la-mona.com

kodiakbeard.net

dragshowmetaverse.com

guodh.xyz

cupidscheatsheet.com

taheock.xyz

contactjpass.com

slsj945.com

needplusoffers.com

asthaforce.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0bcf803d59d399a5521060a85c5cc12a67ecf95b7cf319c582765d95aebfd668

Files

JaffaCakes118_0bcf803d59d399a5521060a85c5cc12a67ecf95b7cf319c582765d95aebfd668
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB