formbook | JaffaCakes118_3500ba2197bee57e32a0dc1bc42d5f11f19babc67ca3232a02b816f262d56120

General

Target

JaffaCakes118_3500ba2197bee57e32a0dc1bc42d5f11f19babc67ca3232a02b816f262d56120
Size

188KB
MD5

09f3a58e9ca25a7d73a9f41f334f2040
SHA1

6a7aef400a59495bd641a99022fc49ae15004367
SHA256

3500ba2197bee57e32a0dc1bc42d5f11f19babc67ca3232a02b816f262d56120
SHA512

c1fc76f78868defaaf1dd3d1c5cc8fa5d7bc80d6478f3a5fbc73828dce87ee6261ec67598c3a8ef74e9e61706c24a8df5833b38233debd0e4bfa0fce7e4acf41
SSDEEP

3072:AOtTw/ZEdiP1Nn3CcXE9Hda21xhGjukc+I/niFzS+HC:kGc099a21xhGEwFbC

Score

10^/10

rat s5hr formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s5hr

Decoy

landscapinghampton.com

cahzam.com

jcprep.net

centrum.bet

tiagodalmeida.xyz

hebrontech.co.kr

verizonwirelessinc.com

secure00-id6483-apple.com

wowwebinar.com

trial.ru.com

martenssingapore.com

wwwcreditome.com

invisibleteethalignersaus.com

twelve.ru.com

discoveryofmountains.com

winners.ru.com

aspin.club

unitedmedcotraining.com

podcastwiththeboys.online

mercari.ru.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3500ba2197bee57e32a0dc1bc42d5f11f19babc67ca3232a02b816f262d56120

Files

JaffaCakes118_3500ba2197bee57e32a0dc1bc42d5f11f19babc67ca3232a02b816f262d56120
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB