formbook | JaffaCakes118_270a80bdff850a7a382617cae17d9b8ca7333dad041d7804f57876ddfadffb05

General

Target

JaffaCakes118_270a80bdff850a7a382617cae17d9b8ca7333dad041d7804f57876ddfadffb05
Size

188KB
MD5

2428d7846841cd1ae9f81812cafbee55
SHA1

df7c6db4f6a9f9769ff2f8d918866debf62468ce
SHA256

270a80bdff850a7a382617cae17d9b8ca7333dad041d7804f57876ddfadffb05
SHA512

41e84dc6c388838cfcd17b5e0551a23a31ac5eae405d51018b57185e6dfaca12ea3fe5d759edc2bd6f2584b39a53a263f77b369b7c8d92ceda41387e41c8f2db
SSDEEP

3072:BnKxkXMCRgTc631I1nhrbR9AJOd2U7/OSzJRfKLLct0Sv:wI81gn5bR9AJQ2K/OSzG80y

Score

10^/10

rat lt17 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

lt17

Decoy

accompanydesolate.xyz

smallbatchzirconia.com

metaversifier.xyz

valeriaartgallery.com

floridaqualitypcinc.com

tokogacorbagus.xyz

wildlyzenish.com

davispp.com

findnamenecklacecanada.com

prudente.xyz

inquisitivetechnology.com

blagorgeous.com

mybestthinking.com

logarmedical.com

ontopoetics.com

masterysecurityphone.club

laptopsalezaf.com

jurzeelifegadgets.com

riventplanning.com

eveeear.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_270a80bdff850a7a382617cae17d9b8ca7333dad041d7804f57876ddfadffb05

Files

JaffaCakes118_270a80bdff850a7a382617cae17d9b8ca7333dad041d7804f57876ddfadffb05
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB