formbook | JaffaCakes118_eb75ef667ea9c9bccc8ad8b121fc01cf37027441b1bd0271e7eb6ccc064dc925

General

Target

JaffaCakes118_eb75ef667ea9c9bccc8ad8b121fc01cf37027441b1bd0271e7eb6ccc064dc925
Size

133KB
MD5

0871a401709aff12e85f8ea37f5c2625
SHA1

d57b089fccc6b1938a583d3675b5232de8a56a5e
SHA256

eb75ef667ea9c9bccc8ad8b121fc01cf37027441b1bd0271e7eb6ccc064dc925
SHA512

76ffd1cd879c59aee1c609525c5e034ab35327684bd935701c7b88a1faf3ffb6cd9885d77102348a43665dcc554b79de2d45abe2e1d6a7c5e15b2a04c97ddc43
SSDEEP

3072:Ml8IDdB1PQ6QuhfBGpPejYe+UJNMH/nu0DAjpAFByfC33tQs:MuEB1PXzGpPaYe+UIHm0DcpAPf3tQs

Score

10^/10

rat zvf formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

zvf

Decoy

slimytrout.com

ericdykema.com

pennystanwayart.com

auliawijayadecor.com

iyundun.com

postforearn.com

xn--4dbaigbvbe5b1a.net

fishhousemarketandgrill.com

cqweb8.com

serverauthcheckmate.com

betterulasy.com

karenhoverrealtor.com

etigia.com

yinggehong.com

brandprtex.net

pusatcpanel.com

reidec.com

ajscghy.com

tvdajiang6.com

freightlogins.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/formbook.bin	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/formbook.bin

Files

JaffaCakes118_eb75ef667ea9c9bccc8ad8b121fc01cf37027441b1bd0271e7eb6ccc064dc925
.zip

Password: infected
formbook.bin
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 176KB

.text
Size: 177KB - Virtual size: 176KB