formbook | s[.]exe

General

Target

s.exe
Size

185KB
MD5

891152fdc4a9c641e0cf335d289cb83b
SHA1

ba22879cc40bc3e561dda82800724e3de91d0f55
SHA256

7b6d4e90afc1063245c198d1333509bac7241f939692cb4110897003994c9e2c
SHA512

2751b0aa82369ecc377a2aaba62f243978d8486b282e89d0ab302ad2bf83a7f8ecac50c99491c7f77d1fc11a70ff50a10f519e6d9f0f2818f8a604821dcd5420
SSDEEP

3072:bTXEayzutz03V6DmMnpN0uWK7yXeBuX+u7bL1Knk11Ua:DRaVszpN0uWtXeBcp/Lcza

Score

10^/10

rat j02y formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

j02y

Decoy

toplinkstorage.app

danny-mickey.space

0755aite.net

okchurch.info

4tlracing.com

jacksoncafepaola.com

552northvictoria.com

eevakoskela.info

tradecontractortraining.com

abtbank.online

voicetall.com

chicken-shack.com

acmumzo.info

futureclosers.com

bctugala.com

adagihlina.xyz

emprendeahora.pro

bybala.com

hlcp5533.com

ingspira.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

s.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB