formbook | JaffaCakes118_858d85d9534ed734ea29232e4db48b7a093eb8fc140db18e666fb8ba5b3e96e2

General

Target

JaffaCakes118_858d85d9534ed734ea29232e4db48b7a093eb8fc140db18e666fb8ba5b3e96e2
Size

188KB
MD5

3d7ca0de2408ca077746fe5a8163d8c5
SHA1

8e15a3a7a831094ecd6119e723eb74b261116e53
SHA256

858d85d9534ed734ea29232e4db48b7a093eb8fc140db18e666fb8ba5b3e96e2
SHA512

a92f4208faa78b291d75796edd428dcee72770c3e237aa459231e31a3cff10a36236da31478a1f51469269f1c8179a11202fa174ca568d0d12005127742d6125
SSDEEP

3072:RRZ0ka8gn1PLf39P/zgaLIVhHIdYMhJLQoHfaYBXPD/cayWmNd:mXRf9XNLIVhHId5BQAnX7/

Score

10^/10

rat b31b formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b31b

Decoy

deltafxtrading.com

alisonangl.com

cdfqs.com

easyentry.vip

dentalinfodomain.com

hiphoppianyc.com

pools-62911.com

supportteam26589.site

delldaypa.one

szanody.com

diaper-basket.art

ffscollab.com

freediverconnect.com

namesbrun.com

theprimone.top

lenzolab.com

cikmas.com

genyuei-no.space

hellofstyle.com

lamagall.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_858d85d9534ed734ea29232e4db48b7a093eb8fc140db18e666fb8ba5b3e96e2

Files

JaffaCakes118_858d85d9534ed734ea29232e4db48b7a093eb8fc140db18e666fb8ba5b3e96e2
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB