formbook | JaffaCakes118_f079f6f37ae9708169077d995e6d2ab536660d480c0775a2bbd39eac8b034c5f

General

Target

JaffaCakes118_f079f6f37ae9708169077d995e6d2ab536660d480c0775a2bbd39eac8b034c5f
Size

188KB
MD5

f2c611e3dde489b72f6c9a6a8535336f
SHA1

76de66d7accc13b89eb8f1076a11b4cffa81a353
SHA256

f079f6f37ae9708169077d995e6d2ab536660d480c0775a2bbd39eac8b034c5f
SHA512

2322662cbd38caaab5647904fa342d4769e680f6cf3752390871cb0a2e4caaa3b7119ac68d04da920994452e3cfffc0eb700c07ac673c0bc74b8911590cb0ec0
SSDEEP

3072:iWsAELKPH3L4J375eHpqyr4NVZh5KJlJaXL6CQd20Sx:ktD170Jqyr4NTjWl8Lb0Sx

Score

10^/10

rat th47 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

th47

Decoy

bestguy8.online

artpressonline.com

touzitest01.com

thecolorbuzz.com

xn--est572f.top

ayumandya.com

arxdigital.com

ayaretri.online

ajanseralp.com

createna.com

inquisitivemeditation.com

qhqfoq.cyou

mango369flower.com

comeherequinn.com

xvideos202216.xyz

reopdat.xyz

guosetianxiang.xyz

asynctest11.top

pineclass.com

cq4n0lrbygmgke.kred

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_f079f6f37ae9708169077d995e6d2ab536660d480c0775a2bbd39eac8b034c5f

Files

JaffaCakes118_f079f6f37ae9708169077d995e6d2ab536660d480c0775a2bbd39eac8b034c5f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB