formbook | JaffaCakes118_468b6bb16de2b5f7b4c5c9cf269fe496ff2370147face8622e6f72ea6b6ec719

General

Target

JaffaCakes118_468b6bb16de2b5f7b4c5c9cf269fe496ff2370147face8622e6f72ea6b6ec719
Size

188KB
MD5

6129a31c2e9ef65aeed1de49e97f491f
SHA1

0841c0ed329e8fd1a23c0a4c3b0743d44f5cfdba
SHA256

468b6bb16de2b5f7b4c5c9cf269fe496ff2370147face8622e6f72ea6b6ec719
SHA512

41d104b9917c13818f1a1fe115a55a2cbb7d570dc8c91cabb480e1021ccee4cfe5f282f97ec0b783c0fbc8975ada00dc98968fe86a9cacbc37eed67e85d86d7e
SSDEEP

3072:E1ZNqkJ0eEY/YT3A4toGQtaiKjn3x/xqv45YMYRz7i7FnSav:4m/7A8oGmaiKj3BxFYa79v

Score

10^/10

rat r1e3 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r1e3

Decoy

floorwaves.com

leshigou.top

2y3jq.com

karobazaar.com

cookdd9.com

xn--9kqu10bhqv.top

hollieforson.com

peachso.com

gerberry.info

abslikepro.com

lesourire-official.com

dfhgxi.icu

lightofcg.com

hismozart.com

nieuwemaniervanleven.com

trimble-gs-112-cable-reel.com

putacandleinit.com

gopenly.xyz

northcountyneuropsychology.com

thekittyherbalist.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_468b6bb16de2b5f7b4c5c9cf269fe496ff2370147face8622e6f72ea6b6ec719

Files

JaffaCakes118_468b6bb16de2b5f7b4c5c9cf269fe496ff2370147face8622e6f72ea6b6ec719
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB