formbook | JaffaCakes118_d40b6e67f68d72bfaadb3dca8403a445edd54730458d1a7f21b739700177863f

General

Target

JaffaCakes118_d40b6e67f68d72bfaadb3dca8403a445edd54730458d1a7f21b739700177863f
Size

188KB
MD5

cb8dd26d99fcc4c41dc6dfa1ac9acfa9
SHA1

b7c3b1813be3b0264982e4337d97160c32c5ff2f
SHA256

d40b6e67f68d72bfaadb3dca8403a445edd54730458d1a7f21b739700177863f
SHA512

f4b8e2b3f874a4cac2bdbcd1be28717deb4fa02534002c033b765f802984374e19ce6a1d0651a277038fe4b06035b94498d2ad93285d414f73ab3988a80ea865
SSDEEP

3072:z5FYYJkuSBKz+R37VKl2ibKfqzPn+8rdUsdQLrf4WR1le4h:zR0N7QnbKfqzHpFyLfHEW

Score

10^/10

rat gh6c formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gh6c

Decoy

onlinesuppershopbd.xyz

shbd666k.com

nephrodialysis.com

why88.top

babouceesay.com

imgur.online

sistemasap.com

whwes.com

tw74m0gdcr.xyz

cantaregrupoinmobiliario.com

risiko-nein-danke.com

interfacejazz.com

rcde.cat

xxjcrj.com

moonboat.pro

simpcraft.club

keylockrepair.com

landslending.com

pocytochos.top

tooozi.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_d40b6e67f68d72bfaadb3dca8403a445edd54730458d1a7f21b739700177863f

Files

JaffaCakes118_d40b6e67f68d72bfaadb3dca8403a445edd54730458d1a7f21b739700177863f
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB