formbook | JaffaCakes118_f29a5c1534401843f0c8693f7cae075b70b4e5a572d952fbf3a6ffea46fdbdb9

General

Target

JaffaCakes118_f29a5c1534401843f0c8693f7cae075b70b4e5a572d952fbf3a6ffea46fdbdb9
Size

188KB
MD5

cb61a9a0cc7831870bec7c72cff3cbb4
SHA1

119e764462376a29e405f6454339fa83b2c64eb5
SHA256

f29a5c1534401843f0c8693f7cae075b70b4e5a572d952fbf3a6ffea46fdbdb9
SHA512

09476d05fd5a4527cf7df9cfcd6ddde3ea37ff2d4f33b13cb99b5bd1f3ee4ba3a4acf820ddbe78e89b3fa5493ae791af987ea12a3c43938c28b04b52cd157c5c
SSDEEP

3072:LGwJkprDIhfNV3oLYrHAJrOVwfRzcuGhOVdeHZJ1iwod:ku5osLurOVwZc/hOVdeHZJ4wo

Score

10^/10

rat cb3b formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cb3b

Decoy

listenlocker.com

jumpstartnotarybiz.com

new-post-vehicle-site.xyz

summon-entertainment.com

johnandtracy-adopt.com

bferety.info

palmonlae.space

yx1889.com

janetnaufranck.com

banditanalytics.com

agenciahologram.com

artemojo.com

goldensuninn.com

aminobalm.com

customersme.com

techcareerschool.com

angelahuckeby.com

smoothcontract.com

kartsorgumerkezi.com

houstonhemorrhoidclinic.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_f29a5c1534401843f0c8693f7cae075b70b4e5a572d952fbf3a6ffea46fdbdb9

Files

JaffaCakes118_f29a5c1534401843f0c8693f7cae075b70b4e5a572d952fbf3a6ffea46fdbdb9
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB