formbook | JaffaCakes118_170301d619c3fbcbbb68c94f4221afe24da25a7f66e7c3c8611869ed21eca1cd

General

Target

JaffaCakes118_170301d619c3fbcbbb68c94f4221afe24da25a7f66e7c3c8611869ed21eca1cd
Size

188KB
MD5

95cfca8304eb4ec2d11de5f53b3cb3d5
SHA1

cccbf2f23148e73e232be9ae7be67a649e8f53ea
SHA256

170301d619c3fbcbbb68c94f4221afe24da25a7f66e7c3c8611869ed21eca1cd
SHA512

25fffa6d6d2be4e185aba73fbd4ab6c4d5df46944df5465d56a4cd08dee6816384be2672bc4ef6a293c9efa30d9f728f25eb3c547e7307969e02ce6ee4191082
SSDEEP

3072:H0NE2cxkfblvW3zw0puC5gtQaYK7jzUUdhJcFDNadvDg8HDbhpt:SlAzt15gtQ2nzv8orgept

Score

10^/10

rat a23w formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a23w

Decoy

guifer2.com

donepudiohiohealth.com

ynyur.icu

feasy.cloud

sloanconstruct.com

agronftclub.com

swecast.com

huntgearus.com

rcj660.icu

moakstransmissionllc.com

reque84.com

4slicing.com

glosemannido.xyz

findacustombramaker.com

yiqudg.com

mecapable.com

daxiguan9.com

shijiebei787777.com

benshirusa.xyz

tgc46.icu

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_170301d619c3fbcbbb68c94f4221afe24da25a7f66e7c3c8611869ed21eca1cd

Files

JaffaCakes118_170301d619c3fbcbbb68c94f4221afe24da25a7f66e7c3c8611869ed21eca1cd
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB