formbook | JaffaCakes118_5fd7acec75f49bc5237187efb791d841882aa008430148242fdfbd9255066a70

General

Target

JaffaCakes118_5fd7acec75f49bc5237187efb791d841882aa008430148242fdfbd9255066a70
Size

188KB
MD5

2d33e82f776342129d6f3e3e9da3bb17
SHA1

01b50e27edd0a10ba933261e76579433fb1745d8
SHA256

5fd7acec75f49bc5237187efb791d841882aa008430148242fdfbd9255066a70
SHA512

6e89776e667a9aa0f9d49babfd43a244d9bf0f6b6dc6c465404798d3a92a10cdb3b88986098982ecddd6558557e3c64d0cf95f2655daf9117e501047bbb83723
SSDEEP

3072:ljHETN77R8HG3/A7RzVqmpXSuLyZJ+gC6JWDlgTgDRLq:INWw/mRJqmpXPe3JWDyTcLq

Score

10^/10

rat p31f formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p31f

Decoy

a-jinsys.com

nn-blog.com

infotechsolutionsghana.com

jmpjewelrydesign.com

nzenzocafes.com

moemajid.com

masterlending.xyz

darbarfullmoviedownload.online

usaservicedogregistartion.com

bqmjj.com

dienhoatuoidep.com

mttbk-lve.xyz

aamuktivastram.com

doneys.online

coinbasewallethelp.com

qpbtllv.site

edutesshop.com

xa9at1fy4pkupe.xyz

plynkapppcrypto.com

fujix.love

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5fd7acec75f49bc5237187efb791d841882aa008430148242fdfbd9255066a70

Files

JaffaCakes118_5fd7acec75f49bc5237187efb791d841882aa008430148242fdfbd9255066a70
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB