formbook | JaffaCakes118_e5d5992123e29abf3c92d4cd9b619e298d264d79afa3c5df31733ded658492c3

General

Target

JaffaCakes118_e5d5992123e29abf3c92d4cd9b619e298d264d79afa3c5df31733ded658492c3
Size

188KB
MD5

34626f518c9e2d3c1664c9a571ed75c5
SHA1

ab6230873902c123f07b61749958739e6e53ac4e
SHA256

e5d5992123e29abf3c92d4cd9b619e298d264d79afa3c5df31733ded658492c3
SHA512

a6f289087ed8a4b0a66c2adc425d23b1bb4faedad9d35dbfac84eb75aa02234219d7a38143fb29b16527ebdb6158c8edc0bb4a4e4fe9b3c6c25b9e1b720244e1
SSDEEP

3072:CMB4JkvLhnLfiDp3TCmYqoK/0pnORCvWyNimxkgWDQIccDB:1LIVThYZK/0pnOxaiGkPDQa

Score

10^/10

rat k2i4 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k2i4

Decoy

apehangersbikersgang.com

lhcgrou.com

diveidf.com

timtas.store

jadebody.club

iamjbrussell.com

fwfuv.icu

picchealth.net

batuair.com

z58609.com

punarecotech.com

a-oct.com

xn--wmq0c1qt9mcxhxjkp16a.top

district99.net

5dcoding.com

aripagripoff.biz

abtheagent.com

betterskincareco.com

jsskylight.com

deviseoffice.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e5d5992123e29abf3c92d4cd9b619e298d264d79afa3c5df31733ded658492c3

Files

JaffaCakes118_e5d5992123e29abf3c92d4cd9b619e298d264d79afa3c5df31733ded658492c3
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB