formbook | JaffaCakes118_e8acfea024b0e0e8314c26f9598e71c5fb06aebda78d96b1872dcef592c6bbd6

General

Target

JaffaCakes118_e8acfea024b0e0e8314c26f9598e71c5fb06aebda78d96b1872dcef592c6bbd6
Size

188KB
MD5

f7156afb9d38c51d24bb119792eb0367
SHA1

d504ecb4b548ea4f55fe8857f14a8f2b66c21ab1
SHA256

e8acfea024b0e0e8314c26f9598e71c5fb06aebda78d96b1872dcef592c6bbd6
SHA512

1b588b6000c04602c9871b4b8c250a17d13136814e74f84b64a7211b616424aff2b7949f12af75f99d9d9ef86497a17dcefffd89a220975467440f8d6fa4bc4a
SSDEEP

3072:T4HEgSEO7qK73383ltJsQqaQJZqvobSrq9gLN/wul8LA:WZiH8VtPqrJZlbSrmxuliA

Score

10^/10

rat gc5j formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gc5j

Decoy

abrahamsplumbing.com

139.info

insta-plus.com

pflegenius.com

nftworks.site

greendil.com

pathegame.com

supplychainscenarioplanning.com

jnljdx.com

officely.xyz

cashoffersdirect.net

llmattioli.online

qvdautomotive.com

nbxinwen.com

amooitresses.com

innovapos.xyz

holycowspice.com

caspianoriginals.com

map-database.com

grac3fulallur.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e8acfea024b0e0e8314c26f9598e71c5fb06aebda78d96b1872dcef592c6bbd6

Files

JaffaCakes118_e8acfea024b0e0e8314c26f9598e71c5fb06aebda78d96b1872dcef592c6bbd6
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB