formbook | JaffaCakes118_59ac60b271f92e372c7af1f44bccbb024ba4f609196ab4a13283f6d2bc9123b8

General

Target

JaffaCakes118_59ac60b271f92e372c7af1f44bccbb024ba4f609196ab4a13283f6d2bc9123b8
Size

137KB
MD5

d403b860aa32e9d9bf0443c7dd931d34
SHA1

215d14bdda602f39e6f016e49a0603da30799ce8
SHA256

59ac60b271f92e372c7af1f44bccbb024ba4f609196ab4a13283f6d2bc9123b8
SHA512

ffa8781f6368fb80f2c0ed96f289f8b96942fe8d764d8186192c836efa26c6793887fbfb63fa362ce78ecabb9f7c4bd48a271fb28c2646608abc2a3e5d283011
SSDEEP

3072:N2939rm5U6g6H8lAmkEiPWdDAYdvgUcaFRYzkBTwBvmLHB:N2m5J3SXkdWBV5ceNwBvmt

Score

10^/10

rat chb formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

chb

Decoy

clearvuetaxadvisors.com

lechen.site

americansearchtech.com

madcat-ant.com

omestredochurrasco.com

mylovaram.com

exodusclean.com

afilliatalk.com

dyingtovote.com

aptivautoparts.com

envisionfordheights.com

wilmotfamily.com

lapalmeradedebora.com

maximize-coaching.com

longerlong.com

ecwdhome.com

marketplace-87436332.com

linguanzhuangshi.com

kangda8.com

relonglong.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/21aa6e31fdcbc0723a5ec1133cc6cb22d09e7a58275003f3ac01423be8bce85d	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/21aa6e31fdcbc0723a5ec1133cc6cb22d09e7a58275003f3ac01423be8bce85d

Files

JaffaCakes118_59ac60b271f92e372c7af1f44bccbb024ba4f609196ab4a13283f6d2bc9123b8
.zip

Password: infected
21aa6e31fdcbc0723a5ec1133cc6cb22d09e7a58275003f3ac01423be8bce85d
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 176KB

.text
Size: 177KB - Virtual size: 176KB