formbook | JaffaCakes118_40af20bbedc34d7286cb9a9bb79d7785ed7c61dd1e2b9065398d811cbb774519

General

Target

JaffaCakes118_40af20bbedc34d7286cb9a9bb79d7785ed7c61dd1e2b9065398d811cbb774519
Size

188KB
MD5

75f77debb4a26e031fbda6c00cac8b3b
SHA1

2a0480745a0789109490aa83646b919e3b1021c7
SHA256

40af20bbedc34d7286cb9a9bb79d7785ed7c61dd1e2b9065398d811cbb774519
SHA512

07ac8e9c45f3a34f24970195731c6c0da66b2ae60e909c9f1f41e02fcc0f760c2577289004bbc97e4af0593753b7fbeab55c740da9de5f4d3f42156aa35b92bb
SSDEEP

3072:hsF0kmKjU6Ob3Z+B/AVfj6RCQRblXEi983pxFXj3mDQqqWk04:rhzZi41j68QRR+jFXbAxqfR

Score

10^/10

rat m0r9 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m0r9

Decoy

neekoluldao.com

pandolam.com

homestore.website

inthemoart.com

plubmingcny.com

tsandjsdjproductions.com

bangkok-bars.com

theroganexperience.com

cisneros.media

cxaerfa.xyz

dalafea.online

eppsallen.com

kksm1.com

navega.site

coloradonews.info

rnhues3j.xyz

languageslibrary.com

metapharmacyphuket.net

invisiblelady.com

suculentaycactaceo3d.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_40af20bbedc34d7286cb9a9bb79d7785ed7c61dd1e2b9065398d811cbb774519

Files

JaffaCakes118_40af20bbedc34d7286cb9a9bb79d7785ed7c61dd1e2b9065398d811cbb774519
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB