formbook | JaffaCakes118_a49295eb05450317423570caab0b11d530192e5ae3e56002b2a6c3174bed597d

General

Target

JaffaCakes118_a49295eb05450317423570caab0b11d530192e5ae3e56002b2a6c3174bed597d
Size

133KB
MD5

3625db12074f75c1aeb91ed990b102cd
SHA1

7dd2984dae8c4b806ede9dde5bd6078cb5e2c8a7
SHA256

a49295eb05450317423570caab0b11d530192e5ae3e56002b2a6c3174bed597d
SHA512

0a6cabccc5c92a0ea58a468d975a2fa94173b7324625d237b44435f6129d14c19c952f0f007904535fd34374a8166ad29892167d61f6220345f444d1754ed4b0
SSDEEP

3072:eNAVeLf7szpYtdCZhf0pYhdcaSufrGgQnREhcLPlva+mLF:eGVkszGfYRfcmhCl0p

Score

10^/10

rat slpb formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

slpb

Decoy

specialhelmets.com

advancedfiberglassproducts.com

guelphneurotraining.com

yishan1314.com

1728025.com

drawbeirut.com

bacb.online

calsury.com

health-helper.net

athapparels.com

kwunitedtraining.com

locqueenpl.com

kastamonuekingrup.com

planctheatreproject.com

puschistiki.com

mutlob.com

naturalbuttonecuador.com

smellssoclean.com

rishpure.com

weldvolt.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/download	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/download

Files

JaffaCakes118_a49295eb05450317423570caab0b11d530192e5ae3e56002b2a6c3174bed597d
.zip

Password: infected
download
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 176KB

.text
Size: 177KB - Virtual size: 176KB