formbook | JaffaCakes118_6b59f12ffe3770708604b8ae3bd1201a84d1b969d53236fa345521c1283d6685

General

Target

JaffaCakes118_6b59f12ffe3770708604b8ae3bd1201a84d1b969d53236fa345521c1283d6685
Size

18.3MB
MD5

1f547b58b2b31d9d6d526fb9e8e5835e
SHA1

6cc3b2de6d135cf00fbd907f6d2d170cf8811d4e
SHA256

6b59f12ffe3770708604b8ae3bd1201a84d1b969d53236fa345521c1283d6685
SHA512

14d1d575f485597eefde8db1addb0e7d175559e3a677cb25042f6fcd2eb3f6f0c01fc7b48b9becf96dbcc43f4e8d11215467566582f4fbf23c5d78c1ca45bad8
SSDEEP

3072:7F9EUGkuaXxjj2n50uehBk5L/zXAL79e/DsnycwBTtCIY7ssA:okjQ5neb2L/LA00wOI+

Score

10^/10

rat a18a formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a18a

Decoy

scuolaviamoscatimameli.com

namoro-virtualsaquibra.com

nanotechclothing.com

3w2mtj7b.xyz

elevancehnealth.com

accountantsoftwares.com

garmoshka-samouchitel.com

theindigostudio.com

chattanoogagpo.com

eizunecoskin.com

dingshounongzi.com

kcysj.com

d3artshop.com

199ty.com

vicmargo.com

fenceproviders.com

v4242.com

eastendphysicist.com

onlineleadsdirect.com

tworiversreflexology.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6b59f12ffe3770708604b8ae3bd1201a84d1b969d53236fa345521c1283d6685

Files

JaffaCakes118_6b59f12ffe3770708604b8ae3bd1201a84d1b969d53236fa345521c1283d6685
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB