formbook | 9f6d87c49513252d1184a86403793053

General

Target

9f6d87c49513252d1184a86403793053
Size

185KB
MD5

9f6d87c49513252d1184a86403793053
SHA1

ecabaaf343cefbde8606c3e05c22bf7f265ea017
SHA256

fbcc1ae200b9abc6681b588c4ad7b6b3a4faded322591619a0e8fa30c85c7053
SHA512

4d04a05b672c7bb8676ddff4542416ae23e9120112d0405c013554be9d1990867f944df903975f1b767d0e49a5278486978e409465b10bd4043f4cf74d1c8306
SSDEEP

3072:Jz8tkk1Rp7xtQPfc3tBPLrvhKbJP+a6v6rTDA89C5NAEdiji:KDIStZXpKbJP7tDAQGxiji

Score

10^/10

rat s4s9 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s4s9

Decoy

qianyuandianshang.com

bernardklein.com

slhomeservices.com

findasaas.com

janellelancaster.xyz

umkpro.site

nr6949.online

mersquare.club

lanariproperties.com

3rdeyefocused.com

giftexpress8260.xyz

hilleleven.xyz

beajod.com

kosazs.online

ishare.team

mb314.com

xjjinxingda.com

ayekooprojectamazing.com

ballsybanter.com

todayshoppingbd.com

Signatures

Formbook Payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook
Formbook family
formbook

resource	yara_rule
sample	formbook

Files

9f6d87c49513252d1184a86403793053
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB