formbook | JaffaCakes118_4aad20480192542caecfaba10c5a70cab6a036eb47b88cb35507b0401f2b4720

General

Target

JaffaCakes118_4aad20480192542caecfaba10c5a70cab6a036eb47b88cb35507b0401f2b4720
Size

188KB
MD5

c2c5355c95604ba42b218622d992668f
SHA1

0c6899be18c8a3327462f200f9053486760c5d8d
SHA256

4aad20480192542caecfaba10c5a70cab6a036eb47b88cb35507b0401f2b4720
SHA512

905ec07798410d6f86072ebf11141f70575d7cc0ca9ce2c8811a4c874593522326f82890f0a19e7bde42529d5e20c94157ab232bd66e02b7d357bbf8e3195651
SSDEEP

3072:YO8BkSd+udbcd334ttkgF6puUuvZY2KoipofxUSt3RCFV4C:KdgH4Pb6puUuvZY2KoipIUGaV4

Score

10^/10

rat v05y formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

v05y

Decoy

vlastasamsonth.com

swankyeaters.com

digitalstar.info

katouchcommodity.com

armyworm51pud.com

shazhou.xyz

literatureforscience.com

nemitchel.com

embodiedwomanhood.com

clearoneadvange.com

cres.network

stanbicserv.com

theazted.com

trochumotorsltd.com

danielleclamare.com

solotime111.com

fancyproduct.space

starlinkinvestltd.com

famanhico.xyz

mgzz093.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4aad20480192542caecfaba10c5a70cab6a036eb47b88cb35507b0401f2b4720

Files

JaffaCakes118_4aad20480192542caecfaba10c5a70cab6a036eb47b88cb35507b0401f2b4720
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB