formbook | JaffaCakes118_4d9cca79f850698e538f0311b23d604763820c88c1ed108844cf915f25f014e1

General

Target

JaffaCakes118_4d9cca79f850698e538f0311b23d604763820c88c1ed108844cf915f25f014e1
Size

188KB
MD5

94209712d062099594fe0fc106674143
SHA1

2136a6aefcbbe7e13747bdde0fb322f088bdfa07
SHA256

4d9cca79f850698e538f0311b23d604763820c88c1ed108844cf915f25f014e1
SHA512

433dcfc95310e11fc03326d34c23bbd3c9ed1b799321364683d14d2fe7eff25f0f8b10a2ef947d77c697bb0586738a06871e2c9681d2892d888f1879b52c11dd
SSDEEP

3072:hWBkkckrgdUj3mXp1vz8buQkq7AGZnSTmaA1M36H2JK+7p+vEfolu:/eLmZ1vAbuQkq7PnHNWx7p+Xu

Score

10^/10

rat a36e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a36e

Decoy

helponcor.com

globetradeuk.com

oiepw.cfd

mortarieu.com

chaiyaphumsmart.com

smtdkj.com

mulatez.online

hmbokc.com

yichangmh.com

moorestns.com

padeluncut.com

azlione.com

vijayinfraproject.com

rockitmortgagesquares.com

euroleague111.com

zyhsjc.com

001sblive.com

ghrenovationsllc.com

srseedalliance.com

oscaropsiyon.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4d9cca79f850698e538f0311b23d604763820c88c1ed108844cf915f25f014e1

Files

JaffaCakes118_4d9cca79f850698e538f0311b23d604763820c88c1ed108844cf915f25f014e1
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB