formbook | 6f9b5c651a115ef1a19015f32ad20110[.]exe

General

Target

6f9b5c651a115ef1a19015f32ad20110.exe
Size

185KB
MD5

6f9b5c651a115ef1a19015f32ad20110
SHA1

b3843cd26daaac8d533889b2906c52c6256ddab3
SHA256

0757fea0f6cfd9c09527cfffa1bf8eeeb57701d47fb3ccf146ac7a3a981b141b
SHA512

fb0d6cc912f031961c54a0a43ce60771a8d7f295b3bf7e5784e21604c5fefa28c76884f8e9bcefc821f52b95c73ecb7868fbad487ec1a24afde9c4fea437b5e1
SSDEEP

3072:FKpkaksNgdgBK7O31eg3MC68jY5L9aTZLSX/KnTTS9k/RDVyFrzTL:SLeuMR8WL9aTZuCTTsYRytf

Score

10^/10

rat gf9d formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gf9d

Decoy

tasty-drop.pro

kairosinternationalfl.com

moi-dolgi.online

kgsp.space

raceier.xyz

mulsion.xyz

eduedge24.com

conciergerietoulousaine.com

islandgirljewelz.com

landofmalbecwines.com

awesomeblossomsonline.com

dtellmebeatext.xyz

origensrio.com

organicmeditationmethod.com

viedelapin.net

petescustomdecals.com

la-verrerie.com

bluecupcoffee.com

univchip.com

jedicrm.com

Signatures

Formbook Payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook
Formbook family
formbook

resource	yara_rule
sample	formbook

Files

6f9b5c651a115ef1a19015f32ad20110.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB