formbook | JaffaCakes118_0ddd99fc33e2e71ca6be299611b66ae201b21828855d1aba2e03f255b8e697be

General

Target

JaffaCakes118_0ddd99fc33e2e71ca6be299611b66ae201b21828855d1aba2e03f255b8e697be
Size

185KB
MD5

698bf8e5fb423fa2288e3db4903d7a8b
SHA1

607668aec833f62bf98e309740dfdc2a680ab3e7
SHA256

0ddd99fc33e2e71ca6be299611b66ae201b21828855d1aba2e03f255b8e697be
SHA512

87c6b651ff24466eecd05af65301d8db18737a1e2b2c527c386bec33e657bedd2fac7b495ee40a62ae0679cda61d2c47fe35bce637d644903a8edfc3558016b8
SSDEEP

3072:HlgOlk4NVqffTZ35ma9WvrdJK27yvpXdl0Ykwfrxj0CC5Ux4RHetpO:dPN2F5Z8jdJK27yvptl0irWCAU2mO

Score

10^/10

rat wg02 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wg02

Decoy

w7c6ppie.xyz

wu6gurfbh74f.xyz

spirtualfreakofficial.com

xn--qvru1fc1gq6i.com

flyingstallionltd.com

travelinternationalnorway.com

legeny.online

geloreal.com

unekemindsacademy.com

ingrossobeauty.online

thebansheeriga.com

bumsb.com

shestampsnotaryservice.com

flipsideattorney.com

heathlytrim.com

upku.xyz

xn--nalemlak-55a.com

jkigroups.com

revitalisequalityfinishes.com

bellaterrahobbs.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0ddd99fc33e2e71ca6be299611b66ae201b21828855d1aba2e03f255b8e697be

Files

JaffaCakes118_0ddd99fc33e2e71ca6be299611b66ae201b21828855d1aba2e03f255b8e697be
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB