formbook | JaffaCakes118_326800f7e637b272c16cce550ebc3685601b558adbe7c0db854949bf005fe241

General

Target

JaffaCakes118_326800f7e637b272c16cce550ebc3685601b558adbe7c0db854949bf005fe241
Size

188KB
MD5

42e91f18b8b9bf9e790fd99fb29faa0a
SHA1

d59c408d18127a53e4300a5b6cf6def835bfc610
SHA256

326800f7e637b272c16cce550ebc3685601b558adbe7c0db854949bf005fe241
SHA512

a719ff1e8da959ab682f9988cb07a49d95427cddda4e3ec69f185744b948112fbdd71118d463c66af39170bcb17ea40e01630706adb068f10ed476201129fb33
SSDEEP

3072:atIWkvStKvjIp3xrwhzGsKxATwqjUeKmrxf62+AY79ItvxPFncjmLef0i:oRVxshztKxATwqwH0S2+Bq

Score

10^/10

rat rv12 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rv12

Decoy

alsahger-store.com

luoboapp1.com

zjblmp.com

alreem-mall.com

wholesalemakeupmiamigarden.com

getevencattlecompany.com

fttmachinery.com

rauqe2m.xyz

pikeddetail-toglancetoday.info

apparessenza.com

g2367.com

advid-creativ.agency

mariobet399.com

seaforesthealth.com

autopilotinjury.net

jinchengdingjs.com

pigeoncontrolfarmington.com

mallorganicwealthgive.com

shicclothing.com

diwakarredhu.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_326800f7e637b272c16cce550ebc3685601b558adbe7c0db854949bf005fe241

Files

JaffaCakes118_326800f7e637b272c16cce550ebc3685601b558adbe7c0db854949bf005fe241
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB