formbook | JaffaCakes118_0dc2bccda084325cf62e504932ed4b6caddc6c7bdecf2dfe74af62d5569f45f1

General

Target

JaffaCakes118_0dc2bccda084325cf62e504932ed4b6caddc6c7bdecf2dfe74af62d5569f45f1
Size

188KB
MD5

5c04ab52bfe51252afb1f31f78ca5d9e
SHA1

ff825b84564b931b5d3d8b647327f3cd83bcf0ca
SHA256

0dc2bccda084325cf62e504932ed4b6caddc6c7bdecf2dfe74af62d5569f45f1
SHA512

e523b14d55b8fb40a389740b107cd86ebf7715a1aac59cad4ca1f18840d3688f3e54d6282b036d5973659f934733aec9153c220b6965a48f8a3aa6911d72d0de
SSDEEP

3072:gcIE05ThotalC2O3GWwN1ZVBIKArKmzsxXQMgsnBBfR6K55:2ps2oGTPOKArKmzsrbfEKj

Score

10^/10

rat mi21 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mi21

Decoy

ravno-sdelat.xyz

kykg91.com

lapugd.com

captainbenze.com

lphmechanical.com

investing.wtf

webcortez.com

drayagepg.info

kaarthikeyagroup.com

nyeripolydigidairy.com

nextdigitaldata.com

bizzymate.com

tropicaldigitalrd.com

goasiong.com

gestionflota.com

xcrjkc.com

ordinarymonk.com

hilmarthor.com

hellohero.xyz

tlchomerenovations.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0dc2bccda084325cf62e504932ed4b6caddc6c7bdecf2dfe74af62d5569f45f1

Files

JaffaCakes118_0dc2bccda084325cf62e504932ed4b6caddc6c7bdecf2dfe74af62d5569f45f1
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB