formbook | JaffaCakes118_10fc636b7474b2ea701bfda198e0625d430d51097665addbc8d7bf397e565855

General

Target

JaffaCakes118_10fc636b7474b2ea701bfda198e0625d430d51097665addbc8d7bf397e565855
Size

184KB
MD5

d183004c73c53fd2e1c50bce8cc40602
SHA1

99fcacc46c4bc2bf0c066e37f7e88b23284ed8a9
SHA256

10fc636b7474b2ea701bfda198e0625d430d51097665addbc8d7bf397e565855
SHA512

e7c34484eb796d2d178da4c3078e89aeb41c4cb0d6af4a945f32667da4fbbf31093c9024eb5c51e1ba8600931c5ad6d68d98e908467d5073b46e932c7788ab8c
SSDEEP

3072:Nrl7Igz17cSqxqw6w7RUzqaFWaCKalTKchkHwhTxQgHyyYMdzTpCs:d1A4w6eIqaIafaBKOTxXHy8dz

Score

10^/10

rat 3nop formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_10fc636b7474b2ea701bfda198e0625d430d51097665addbc8d7bf397e565855

Files

JaffaCakes118_10fc636b7474b2ea701bfda198e0625d430d51097665addbc8d7bf397e565855
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 177KB

.text
Size: 177KB - Virtual size: 177KB