formbook | JaffaCakes118_5e1d930f42eb51b191a8e35e4d32376c3702039af10293f41d7d3f343a5a990d

General

Target

JaffaCakes118_5e1d930f42eb51b191a8e35e4d32376c3702039af10293f41d7d3f343a5a990d
Size

188KB
MD5

55aa15256c3ef30bc9f492a12e3d03b3
SHA1

8301fbd50e6cf8ebe50eb966a1cb77ce7f0eac8a
SHA256

5e1d930f42eb51b191a8e35e4d32376c3702039af10293f41d7d3f343a5a990d
SHA512

6890749ccd9155c91307ccd3c7dacf7287369f3441a8031e15b791b66fb97d3913e40b72ca2fad8b318315aabe152fee0c1dc9420076072da668687e93aa6d82
SSDEEP

3072:WJPYEzbLNtd0n3O+SowukEyfZP0IcbD9u8X+OkqqLPw:WHW3OlLpfZP0IwO1qMPw

Score

10^/10

rat cy84 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cy84

Decoy

buymarijuana.website

mars-house.com

highloopkids.com

hengjialives.online

hht5292.com

yiniu54.xyz

baykuscuksapsap.net

lzzcxx.com

nbchangshun.com

backfields.farm

randacominternet.xyz

bralumi.online

sportsorb.com

graveounce.online

dddsss222.com

xiaojuju.site

returns-nagoya.com

tepinvestmentbeylikduzu.com

81796.land

thisisit972.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5e1d930f42eb51b191a8e35e4d32376c3702039af10293f41d7d3f343a5a990d

Files

JaffaCakes118_5e1d930f42eb51b191a8e35e4d32376c3702039af10293f41d7d3f343a5a990d
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB