formbook | JaffaCakes118_8bc730658c381f36b804c0e3e0b36a3f6c8b45433118bbe3326a4a608a0f753a

General

Target

JaffaCakes118_8bc730658c381f36b804c0e3e0b36a3f6c8b45433118bbe3326a4a608a0f753a
Size

167KB
MD5

5efb2be790cbe8f7458e7742ea27e787
SHA1

f85dc20e4ee69095eefa1f0b5ffda34788640f86
SHA256

8bc730658c381f36b804c0e3e0b36a3f6c8b45433118bbe3326a4a608a0f753a
SHA512

3ae765d2d260ff0fcfadcf30a2467188ce10afe0078eb3de1d2c2e0b661614609099366b9ca4bd8574157fe07a3d82f708096c0d98f3fa469fce94164aee2fd1
SSDEEP

3072:ytJXqPTLn7HgqrWy2gGp70gsDn8QIawIy210+HMB:m6tiR5sDn8laNOig

Score

10^/10

rat ev08 formbook

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

ev08

Decoy

elysianhomesanddesign.com

emplytics.com

rx-server.com

yunkeguanjia.com

069xke.info

xgltnpzoai.biz

vizebasvurusuislemi.com

willenochhardscape.com

luciovicencio.com

369zhangting.com

dealsamzn.com

epsilontech.net

longzhimy.com

drfenxiyi.com

perfecttiger.win

jon-lisa.com

projeen.com

tpak4.com

telurasinjulak.com

grhcew.men

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_8bc730658c381f36b804c0e3e0b36a3f6c8b45433118bbe3326a4a608a0f753a

Files

JaffaCakes118_8bc730658c381f36b804c0e3e0b36a3f6c8b45433118bbe3326a4a608a0f753a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 163KB - Virtual size: 162KB

.text
Size: 163KB - Virtual size: 162KB