formbook | JaffaCakes118_c765588034bd272b0ff08491d8b477776e4e284c37abcc9a8b7ae08acf0b4fb1

General

Target

JaffaCakes118_c765588034bd272b0ff08491d8b477776e4e284c37abcc9a8b7ae08acf0b4fb1
Size

182KB
MD5

124416d2b956cf91c800dc8d94e696b4
SHA1

d10ceb17baac1cd703f84903c159e19cc33f7357
SHA256

c765588034bd272b0ff08491d8b477776e4e284c37abcc9a8b7ae08acf0b4fb1
SHA512

082aa13db5f569b6dec46faad7bd88d20a9de447831b99512496b2013ff1b478401ed9640948982c875544d0135e56b034505eb5cdef8829018934e1fc004e59
SSDEEP

3072:0DF9AOx+HhfOx/7gqCsEa35rkWTnGMjNf5ELQGOiuS/U0h2Ut:i99aE/UHaJrk4fjN8/fft

Score

10^/10

rat p3c formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p3c

Decoy

scsykt.com

333999dy.com

soaringhood.net

thejaxstar.com

sakura-wedding.com

ussalesmarketing.com

mathworksheetsforkids.net

bestchinesefoods.com

theparkchi.com

cb6333.com

xldd0817nt15vkr6.xyz

joyousheartphotography.com

kittylol.com

caufooding.com

pippamalmgren.life

saveitall.today

connect-clarity.info

smartestgift.com

nilshana.com

arkpropertysolutions.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_c765588034bd272b0ff08491d8b477776e4e284c37abcc9a8b7ae08acf0b4fb1

Files

JaffaCakes118_c765588034bd272b0ff08491d8b477776e4e284c37abcc9a8b7ae08acf0b4fb1
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 177KB

.text
Size: 177KB - Virtual size: 177KB