formbook | JaffaCakes118_af0e261d6319b97dc78901e574881039df0465689370d00c4f450c7b71f4ce14

General

Target

JaffaCakes118_af0e261d6319b97dc78901e574881039df0465689370d00c4f450c7b71f4ce14
Size

188KB
MD5

f38b233e242b75f5d9828d30785eb179
SHA1

abf2ce1338bb63e3e28135f82a456ceb04470650
SHA256

af0e261d6319b97dc78901e574881039df0465689370d00c4f450c7b71f4ce14
SHA512

d585f202cc18aa08d8761946c3afb3cdb2998757a73abeadd5605c00b58fa1b6d298913f2775113e0e95c7441ac626f40952f0a24f6416f0c6f900911902fb9c
SSDEEP

3072:HXzB8XkE/WeUkMdb3V0Qssp8KVRRC8zd1WScwV1yHJcKzSMwf:HyD2zVVssWKVzC8JoSz1iJ5

Score

10^/10

rat d23g formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d23g

Decoy

444ccg.com

emilygracemann.com

poojaconsultancy.site

themoabbeast.com

animum.online

crutchenterprises.com

anywhereinyourunderwear.com

billpattersonforhd24.com

milanosalonurbana.com

maomi23f.com

grazianopattiasinalawfirm.com

food4life.biz

cartskipsviewsigned.xyz

bentheballoon.com

suncoaster0.com

alexandraluxuryvilla.com

de0754.com

innovate-property.site

chicagoweave.com

gozki.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_af0e261d6319b97dc78901e574881039df0465689370d00c4f450c7b71f4ce14

Files

JaffaCakes118_af0e261d6319b97dc78901e574881039df0465689370d00c4f450c7b71f4ce14
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB