formbook | o[.]exe

General

Target

o.exe
Size

188KB
MD5

5f625c29e0ab782363acad948b13374f
SHA1

af2cb912c0d8c6eb43ade7940dbb56815d9c79a6
SHA256

e38ab4998d2ec00aef052328a9a289a9a96ab45fb52a49b81a223068b0f5899c
SHA512

ec409199c648bf6feec2eda0b00b959384a72942f7a3451a9e5a2889e7250b9595a765a0d4fc4cd2a8a2d8e9884d3bc4610cdc2d9cf538a945371f5a07cdabe5
SSDEEP

3072:AFuEBxDvDTsy3HVSTVtYK4JAH5e3QkIH1mPQx7EPzFm3:8pkkHYJSK4JAH43QpH+iI

Score

10^/10

rat je16 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

je16

Decoy

antonavt.com

sdfvlog.xyz

xn--arbetslivsaktren-ywb.com

propelcolor.com

uniqueclsssiccars.com

colorbells.com

synjive.com

cloudymellows.com

walltage.com

qterps.com

kezorup.online

soakedindelight.online

thefirstgroupscam.biz

miclanka.com

mwm-security.com

trinksaifenradiodocumentary.com

spineklinik.com

javacodecafe.com

groovyrelease-toknowtoday.info

ventadesillasymesas.com

Signatures

Formbook Payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook
Formbook family
formbook

resource	yara_rule
sample	formbook

Files

o.exe
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB