formbook | f9a4827b1355e83175a1ff06792046f8f81e7140748600743636a7725f9a79c5

General

Target

f9a4827b1355e83175a1ff06792046f8f81e7140748600743636a7725f9a79c5
Size

168KB
MD5

fae1b4e5f56cc0624b29527a45a9206d
SHA1

ea37aaffd1b20e7829bbb17511ccb4abf5cad1fa
SHA256

f9a4827b1355e83175a1ff06792046f8f81e7140748600743636a7725f9a79c5
SHA512

5d21066235407217a632188f9d8deed4f7012e182af2cab5d7b8dbc366b8f40ccbf03466db9eefeb766c17c5d64384029af5c787390d5ea5b94e310b0b0000f5
SSDEEP

3072:cDu73SPDoR1c1Jk+dA/ndiTODPmxksgFKRbaACGghV6Ir/HEuaM3a:WI+nJfsndnDPmxksRR9py6Ir8ul

Score

10^/10

rat kp6 formbook

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

kp6

Decoy

ipeez.com

knockloftyapartments.com

certifica-numero-login.cloud

tshirtfor.men

nailzboutique.com

adimulyalaw.com

with.travel

childsupportschool.com

u-plotproperties.com

associated-medical.net

808manx.com

avitalvf.com

emotechclub.com

nwche.com

eastmonitoring.com

eggdrop.science

xn--9swtuh2u8p6b.com

tattoolovestshirt.com

wlmqbxyy.com

marcomelileo.com

Signatures

Formbook Payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook
Formbook family
formbook

resource	yara_rule
sample	formbook

Files

f9a4827b1355e83175a1ff06792046f8f81e7140748600743636a7725f9a79c5
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 163KB - Virtual size: 163KB

.text
Size: 163KB - Virtual size: 163KB