formbook | JaffaCakes118_eeaa5646c9dfa61519b642c0fad7fe2f5030d5e3148ee6aed4525251e6546819

General

Target

JaffaCakes118_eeaa5646c9dfa61519b642c0fad7fe2f5030d5e3148ee6aed4525251e6546819
Size

188KB
MD5

a14dde9cb84bc27818a72b0756f5f7f0
SHA1

6df82c54d8a37e64cbbf4b9bfb700c0c15aa01c6
SHA256

eeaa5646c9dfa61519b642c0fad7fe2f5030d5e3148ee6aed4525251e6546819
SHA512

81a7a41579d76de50008b519935cc09a9f20e779dfd13977ea168ba1b3c443acab514ecfc32a88f6bb6b2c6a7d35613a5c4ae64be2905af0bb79763f2d1be51b
SSDEEP

3072:WW7HnFvYOShs5effv5zifmRIFL8gvYKIW7ET+uJKVf5iuiRYvcBGEY:EAefn5DWL8gvYKb7K+CqfyY9

Score

10^/10

rat a93b formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a93b

Decoy

legalcostfinanceltd.net

adverse-afield.com

beautyvalleys.com

kittyol.com

mortgageguyjeff.com

superhuemn.com

aprendizadodigital.store

dxprintz.com

casadeilustracion.com

crecerspa.com

vernutz.com

n-ike.com

jettibolo.com

lavlabsventures.com

xn--939ak44aoun.com

mjeghz.com

neikaskincare.com

gerickinc.com

sattaking-gaziabad.xyz

fykori.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_eeaa5646c9dfa61519b642c0fad7fe2f5030d5e3148ee6aed4525251e6546819

Files

JaffaCakes118_eeaa5646c9dfa61519b642c0fad7fe2f5030d5e3148ee6aed4525251e6546819
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB