formbook | order_list_attached[.]exe

General

Target

order_list_attached.exe
Size

184KB
MD5

d183004c73c53fd2e1c50bce8cc40602
SHA1

99fcacc46c4bc2bf0c066e37f7e88b23284ed8a9
SHA256

10fc636b7474b2ea701bfda198e0625d430d51097665addbc8d7bf397e565855
SHA512

e7c34484eb796d2d178da4c3078e89aeb41c4cb0d6af4a945f32667da4fbbf31093c9024eb5c51e1ba8600931c5ad6d68d98e908467d5073b46e932c7788ab8c

Score

10^/10

rat 3nop formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

3nop

Decoy

videohm.com

panache-rose.com

alnooncars-kw.com

trueblue2u.com

brussels-cafe.com

ip2c.net

influenzerr.com

rbcoq.com

zzful.com

drainthe.com

sumaholesson.com

cursosaprovados.com

genotecinc.com

dbrulhart.com

theapiarystudios.com

kensyu-kan.com

dkku88.com

tikhyper.com

aztecnort.com

homebrim.com

Signatures

Formbook Payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook
Formbook family
formbook

resource	yara_rule
sample	formbook

Files

order_list_attached.exe
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Code Sign

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 177KB

.text
Size: 177KB - Virtual size: 177KB