formbook | JaffaCakes118_e1b1e65bec0b1617cf5f5d2dff6caa93c87dc264c8bd67bbda67f9ea2fb717c8

General

Target

JaffaCakes118_e1b1e65bec0b1617cf5f5d2dff6caa93c87dc264c8bd67bbda67f9ea2fb717c8
Size

188KB
MD5

ddbf64beddf28d7d09deea0b85e5f047
SHA1

32c769b1ee65a3a7b42a2a8a1f1b28cb0292d5df
SHA256

e1b1e65bec0b1617cf5f5d2dff6caa93c87dc264c8bd67bbda67f9ea2fb717c8
SHA512

44c33382cbd3165fbdd9a3d0c5cff5ff5274cc23becaeb3163510cc06bebc2c96a7ba12de5ee7ff90d9af12dc81becacb9ba102776649951779e3869b7906d79
SSDEEP

3072:42OrkSM4J0uY9p30Qg7an2ogoKsyEgSo9VJhabC1vmXb31wqzPHBXS:GWV0Bmn3KsyEgT9VDmC10BwU

Score

10^/10

rat ko29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ko29

Decoy

citusdig.site

ecomrise.store

aringtonortho.com

plan-indonesia.com

retreat-to-the-alps.com

themerchperch.biz

freshfashiondesign.com

zachmizrachi.com

machomancoin.site

racunhariini.com

13378888.com

landofnd.com

techactive.digital

yourdebttips.com

www147171.com

xraino.top

willshouseofhorrors.com

redfiree.com

cyanband.com

srbs35.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e1b1e65bec0b1617cf5f5d2dff6caa93c87dc264c8bd67bbda67f9ea2fb717c8

Files

JaffaCakes118_e1b1e65bec0b1617cf5f5d2dff6caa93c87dc264c8bd67bbda67f9ea2fb717c8
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB