formbook | JaffaCakes118_08522edec76d7f0b00ae43564ccd77729cb5e07f0e8111f76f3cdf5496fe35f8

General

Target

JaffaCakes118_08522edec76d7f0b00ae43564ccd77729cb5e07f0e8111f76f3cdf5496fe35f8
Size

133KB
MD5

22650b54d608df14b7311bd474a9fbbd
SHA1

d47f71df62e5201921937ce2d6aed23a713779d9
SHA256

08522edec76d7f0b00ae43564ccd77729cb5e07f0e8111f76f3cdf5496fe35f8
SHA512

ec0dd4350442b116d80b9cd492d1c3b7a3409defb3e17b84c151880b0df92868cc3bf826bbc7a668d62543414c8beb078907dd80ce757228a290ad98ab8d2a8c
SSDEEP

3072:szP7bNJ0iWZkanibClIxm/Y7bYnOnjh8XbzeO:sDrwkiCHxm/Y7COnjh8X/eO

Score

10^/10

rat ga4 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ga4

Decoy

rivercitygoldens.com

seattlebarkery.com

jxsxdb.com

bet365o1.com

mynexthomedfw.com

scheduleyourintentions.com

vestingfacts.com

angelicasanchezpsicologa.com

constructorariedel.com

myabron.com

askthepotato.com

cuscases.com

dlrioata.com

ilikecircles.com

teamsters401kupsplan.com

79dzb.com

simoneventpros.com

cloversonglyrics.com

intansuper.com

gamefacesydney.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/formbook.bin	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/formbook.bin

Files

JaffaCakes118_08522edec76d7f0b00ae43564ccd77729cb5e07f0e8111f76f3cdf5496fe35f8
.zip

Password: infected
formbook.bin
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 176KB

.text
Size: 177KB - Virtual size: 176KB