formbook | JaffaCakes118_a3fd01b1b813f4a186d97895b185eb7b7497f5954aff747f52f507fe22a1c919

General

Target

JaffaCakes118_a3fd01b1b813f4a186d97895b185eb7b7497f5954aff747f52f507fe22a1c919
Size

192KB
MD5

79d6c10258252b6de2d23597f228f024
SHA1

7d057f2c471aeb09bbeddbce6df2f93cf1134318
SHA256

a3fd01b1b813f4a186d97895b185eb7b7497f5954aff747f52f507fe22a1c919
SHA512

cd5ddcbe8a4e18ecace30515ccab374dccdc61dd93b658c59f4d28f5f415451f06da48c6a09465cf5aa3ec15e3b81edb3b396680399f5910919115ca636998c1
SSDEEP

3072:B0n0XeJF3JeIlm2oBL/LkflP1azYpm8MP3Rv7eCFWskX09a:m9BlKL/27azYpmpP357eCFWskX09

Score

10^/10

rat ghu8 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ghu8

Decoy

blackhawk.limited

mrshow.xyz

wycvip.top

myakoba.com

koningsdag.store

lux-mining.com

globalstarenterprise.com

ds078.com

carrerasatletismo.com

ayurvedicmedicine.tech

destinationbeyond.win

addisgig.com

headlight911.com

odioda.com

runefragrance.com

lisvk.com

polarkingsunglass.com

gonggamict.com

fundasalgeciras.com

indusicloud.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_a3fd01b1b813f4a186d97895b185eb7b7497f5954aff747f52f507fe22a1c919

Files

JaffaCakes118_a3fd01b1b813f4a186d97895b185eb7b7497f5954aff747f52f507fe22a1c919
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.rsrc Size: 1024B - Virtual size: 960B

.text
Size: 180KB - Virtual size: 180KB

.rsrc
Size: 1024B - Virtual size: 960B