formbook | JaffaCakes118_801c2b8b5ff96de91c57e43bbce0d7be005f0b9ff2c0be1de995917c09c22f30

General

Target

JaffaCakes118_801c2b8b5ff96de91c57e43bbce0d7be005f0b9ff2c0be1de995917c09c22f30
Size

188KB
MD5

1f702e63cd390718188879de91ae8374
SHA1

f0c6ba002659bc75b019dd4699298a9702e6aeb7
SHA256

801c2b8b5ff96de91c57e43bbce0d7be005f0b9ff2c0be1de995917c09c22f30
SHA512

345ba6efee3d328b037505dcd94afaedbad06657b55f1e9c36850194e7254b41cd835a01f939a2b56409fbded6b8b04502ae08047e7531dff3a93bcf620e73a9
SSDEEP

3072:Pw4tkWkW4VDb05B3E1Lqg0laIA7Gbqgb8iQIy70mRSMbrfzbMDMUXyDb469:AmHvEJT0l/A7GbqgQiQAmRSMbDMDMUil

Score

10^/10

rat mh76 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mh76

Decoy

healthgovcalottery.net

wenxinliao.com

rooterphd.com

bbobbo.one

american-mes-de-dezembro.xyz

mintager.com

thespecialtstore.com

wemakegreenhomes.com

occurandmental.xyz

fidelityrealtytitle.com

numerisat.asia

wearestallions.com

supxl.com

rajacumi.com

renaziv.online

blixtindustries.com

fjljq.com

exploretrivenicamping.com

authenticusspa.com

uucloud.press

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_801c2b8b5ff96de91c57e43bbce0d7be005f0b9ff2c0be1de995917c09c22f30

Files

JaffaCakes118_801c2b8b5ff96de91c57e43bbce0d7be005f0b9ff2c0be1de995917c09c22f30
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB