formbook | JaffaCakes118_f89b5669e19c1bff07365ca3f654d2beef09b1c0cca0a7c561657243f5119737

General

Target

JaffaCakes118_f89b5669e19c1bff07365ca3f654d2beef09b1c0cca0a7c561657243f5119737
Size

188KB
MD5

68e26145c432f3229ccc317be9953aa1
SHA1

72a955c0b59e54ff7ecb11900a9bee29979e5133
SHA256

f89b5669e19c1bff07365ca3f654d2beef09b1c0cca0a7c561657243f5119737
SHA512

12d7d9bbf947065093fb9fd8e0a27128b155d13f9b80f7289e848e32d8f0ddaf505baf416f91f53106872b1e19c3cd6d9596f934e1f31ebfda155892368e89e8
SSDEEP

3072:F/HsBFrP/JxUGvKJ1vLxiHZBt5KuQheOQDUap6ytdoffAEn:2T/74vLcDKuQhehDUW6+djEn

Score

10^/10

rat amdf formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

amdf

Decoy

xadazheng.com

bremorgan.com

keilaniclothing.com

du9a20ofolvhfr.xyz

santamariacourt.com

wcagls.com

visionuptechnology.com

sddysrq.com

pencetslot.site

wpcoisas.com

caomei08.xyz

infinitepotential.xyz

anotherchanceranch.net

ymterp.com

zhuyunming.com

elementarymodel.com

edmondsonfinancial.com

adsnethosting.com

obohsan-souzokusindan.tech

helicopterart.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_f89b5669e19c1bff07365ca3f654d2beef09b1c0cca0a7c561657243f5119737

Files

JaffaCakes118_f89b5669e19c1bff07365ca3f654d2beef09b1c0cca0a7c561657243f5119737
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB