formbook | tmp

General

Target

tmp
Size

185KB
MD5

62a166dcbf9f11c4b88edd0b3eb24b7e
SHA1

7e5915d7bb41e2a2cdfbb68c333d885df3e0384f
SHA256

d092923bdc00cd1f84007efe05cc2bd459dd1134acb0b9543cae766adf982c10
SHA512

1e1c8c14857e57531e474407403c9a34c4b9509888323203572ca0a35b43779fcfcea4d5072adeb8373cc8ff39bcf5a900a8a4d7b44cf719649163c103a09b25
SSDEEP

3072:6KpKktx/p5hm3KB2MmbGqbLcykhYDqYxVzXerDcQvM6wYOx8f:pvQKoMqfbLcykhhYxVzXADpvjS8f

Score

10^/10

rat p205 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p205

Decoy

orderactivgreens.com

quickshipfloors.com

planetcompression.com

deluxparlor.net

heartrootspirit.com

getmoremail.com

ourbranch30225.com

louisvuittonsmen.com

heritageshore.com

7336m.com

nationalcl.com

elluciangovernmentcloud.com

youniiqueproducts.com

stlukesparkcity.com

dundeemrc.co.uk

homecheck-in.com

vintage-charm.co.uk

empreendedoranatural.com

fineduconnect.com

nvcukipj6.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

tmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB