formbook | JaffaCakes118_9e6e89390162109eda7bff934d2951b92374337074a8412f4bad8fade71f3871

General

Target

JaffaCakes118_9e6e89390162109eda7bff934d2951b92374337074a8412f4bad8fade71f3871
Size

188KB
MD5

cf8a46b6ac00689458964ed64cc7c013
SHA1

26a038694e2827afb451b8bb5c9d50cba2775fea
SHA256

9e6e89390162109eda7bff934d2951b92374337074a8412f4bad8fade71f3871
SHA512

5a9338664781575993c459d9c74e3b55e973d2d3498845cd452c87c0c45d19a8281d66439f0e6663e24182d27011f3b9a4424447d595a9ce734509052570997a
SSDEEP

3072:nU2OEgQx0H/8w3ffPjxaKvgBXcKX5Ak0MrpCVm/TAyFnYkPy:3Nz+fnjAKvgBleMrA2cytPy

Score

10^/10

rat ce20 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ce20

Decoy

tiendacbdsevilla.com

cambodianairlines.net

xtypelife.online

8568008.com

truelanguageacademy.com

fibverse.com

thhhh.xyz

maskschool.com

missbrazilsc.com

suonas.com

esteel24.com

dreamoffkartal.com

errebasics.com

novaworldmarinacity.com

sailingt.com

8ylady.com

d5lb1.club

mexicovegetal.com

ahfsaleleaseback.com

sjcad11.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_9e6e89390162109eda7bff934d2951b92374337074a8412f4bad8fade71f3871

Files

JaffaCakes118_9e6e89390162109eda7bff934d2951b92374337074a8412f4bad8fade71f3871
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB