formbook | 1ce17200496c6ffbbfe6220fa147f7599edce5a4dfb27a0afe14e072ceca5eb6

General

Target

1ce17200496c6ffbbfe6220fa147f7599edce5a4dfb27a0afe14e072ceca5eb6
Size

167KB
MD5

349d6af6f1710decfcb42a6a6ce1c15e
SHA1

817e215be884c50e0e115e106fd41fc9d5224359
SHA256

1ce17200496c6ffbbfe6220fa147f7599edce5a4dfb27a0afe14e072ceca5eb6
SHA512

a61395ccc543a622537e5c0e88fc3586ca70ea193f4e60f17f377334d6881ba58c09c4496d39e6874defde7852868bc95b7e2cf4feff90800dec89c271bcb908
SSDEEP

3072:C1KgoPrkZl3mtOBww3jq3DjlIAjBl50hOUvV4onbU30B:AM7t6tTmDjlIAVkA10

Score

10^/10

rat sh formbook

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

sh

Decoy

worldtravellab.com

tagpfm.com

j1tnm1.info

gomultitaxservice.com

vfxwarrior.com

alvota.com

darnitromance.com

devfunlink.com

feraserweb.live

wallettop.com

topperdr.com

jetcharter360.com

thereggaesoldiers.com

rocketcityaxethrowing.info

further.design

bzlouti.com

garnertautomotriz.com

firdesigns.com

regulates.net

hollyelizabethfox.com

Signatures

Formbook Payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook
Formbook family
formbook

resource	yara_rule
sample	formbook

Files

1ce17200496c6ffbbfe6220fa147f7599edce5a4dfb27a0afe14e072ceca5eb6
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 163KB - Virtual size: 162KB

.text
Size: 163KB - Virtual size: 162KB