formbook | JaffaCakes118_edfe6c8901b6215bad0f048d19e3fa86be0b499d479ff46e7bd04be349f633ba

General

Target

JaffaCakes118_edfe6c8901b6215bad0f048d19e3fa86be0b499d479ff46e7bd04be349f633ba
Size

188KB
MD5

af4ed7ee8a23046feb534bd7665b6416
SHA1

bccf7c011c49ce2e54063f371ee57bf8534b020e
SHA256

edfe6c8901b6215bad0f048d19e3fa86be0b499d479ff46e7bd04be349f633ba
SHA512

d458d4f6d20f44c50807b561d36174c5d975a6be29035c8ba5d6629cd85a2bf5c8bf821631bb47caa425e8a30676329d64d8bbcee2577b6baba7ff858fba3037
SSDEEP

3072:4Ww4k6pt9PG+y3TiQO0Ml9aaIYYAzzzqFm8bA32itrEVTHYj5:/BvkTLOn9aaIYY2zSmMvgJj5

Score

10^/10

rat e0l9 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e0l9

Decoy

packingfairturkiye.com

khenonline.com

mydactil.online

coriliechty.com

canadazk.com

freeloanseva.com

successvideo.today

infinitelifetransformations.com

unicryptdoge.com

ecolifeco.com

luxefashionaire.com

lqctqtal.xyz

liveexim.com

happyhempbakery.com

paypalverifie.com

wingonvacations.com

flawdogs.com

shalomsingapore.com

ruscc.xyz

yaxi868.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_edfe6c8901b6215bad0f048d19e3fa86be0b499d479ff46e7bd04be349f633ba

Files

JaffaCakes118_edfe6c8901b6215bad0f048d19e3fa86be0b499d479ff46e7bd04be349f633ba
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB