formbook | JaffaCakes118_3a17abcee8b629385d5dad6aa84bd786b158a5fd00806ad39392391ecbe7afb6

General

Target

JaffaCakes118_3a17abcee8b629385d5dad6aa84bd786b158a5fd00806ad39392391ecbe7afb6
Size

188KB
MD5

b590e9b2a78908ae4513d1dc831c9f08
SHA1

5e639af59a293c0b942d6648699eeb9fd6a7957b
SHA256

3a17abcee8b629385d5dad6aa84bd786b158a5fd00806ad39392391ecbe7afb6
SHA512

10975c29df54be94961c331a9463713162416fd83dacec676832df9af69002d4f932cc7184841de7c80a2a8033cb0b20195b45fdd35483931188296ede123e4e
SSDEEP

3072:lqLbsMEACpqu/5N3e1MlLeg68HF73jyvyg59H7iet1KwZ9:8IrBeuT68HF7TyvJ9bFtk

Score

10^/10

rat gg82 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg82

Decoy

designsbyfiona.com

humelae.website

researchtility.com

rootedhearttherapeutics.com

feetrumpet.top

true3.xyz

shapemate.xyz

comercialagraria.store

ledsland.com

supcon5t.com

kakao-soleeemom.com

vaynhanh50phut.xyz

dinobytheway.net

defiunitedstates.xyz

aquamoon.xyz

lovestohelp.com

dwn-flasplay.xyz

ituagora.xyz

hadq.xyz

kodacapital.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3a17abcee8b629385d5dad6aa84bd786b158a5fd00806ad39392391ecbe7afb6

Files

JaffaCakes118_3a17abcee8b629385d5dad6aa84bd786b158a5fd00806ad39392391ecbe7afb6
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB