formbook | JaffaCakes118_175a1fd0bc8f75d41f185bca4fbefa217254545f13570ec010bf059e588eacf8

General

Target

JaffaCakes118_175a1fd0bc8f75d41f185bca4fbefa217254545f13570ec010bf059e588eacf8
Size

143KB
MD5

e53ec50f9a37e20925c447b029cc6a6a
SHA1

65e38f725906e8a24f1f6246fdffd11b5e4bc706
SHA256

175a1fd0bc8f75d41f185bca4fbefa217254545f13570ec010bf059e588eacf8
SHA512

edf9a08e5279596dce78372b4238f0944a12ff8fc0e9ba491c08a9f2bae9423afe464955311a5e1fea5ec9704e2dd447a407cc97da9982298b79a8ac27b16a48
SSDEEP

3072:v0nEZtVPQ2M83qKd7hMga8teqe7014iJf:/clyqyha8tep01XJf

Score

10^/10

rat e2e9 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e2e9

Decoy

therootcellars.com

zamesdayz.xyz

truwar.com

id-uh.com

nerosta.info

pressurewashlex.com

jasonsrandall.com

shopmeldoc.com

usdon.xyz

indonesiantreasures.com

geoitymetri.com

gaogenxie.xyz

blogbisu.com

badfella.com

c100fwp.xyz

boostexchanger.store

xvzhiyin.xyz

custombyjo.com

tj5000.com

wedhood.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_175a1fd0bc8f75d41f185bca4fbefa217254545f13570ec010bf059e588eacf8

Files

JaffaCakes118_175a1fd0bc8f75d41f185bca4fbefa217254545f13570ec010bf059e588eacf8
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB