formbook | tmp

General

Target

tmp
Size

185KB
MD5

527d139b035b5a1713708cd0204238ec
SHA1

6fd4b193b022734a1d95123db189cda114796d8a
SHA256

8f73bafddb4146bb2f171e6ab67fe8ea2e870319b086280ddf948eb54cac1f7a
SHA512

6046e7bafbbc9a965d9c0efa5a106d2cbeafc134c56f7ef2fa2d43a4b475f06badc2495a4a10d2b727c187cd58a45eb9feb1532eff2e020f7d61383b0c7f151e
SSDEEP

3072:yi9EP+o5Mgz30tozcYoKqatFWHV9bf5RvLD5t9a:M/b0OzcLKqatFCV9z5Rv/5na

Score

10^/10

rat g2m0 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2m0

Decoy

toolatetobesorry.com

treeoflibertyco.com

dreadedyarn.com

priscillamatsushita.com

elenge.net

howork.net

qmgames.info

mysteryofbirds.com

dicks-boats.com

playsupermariobros.com

tulusurvey.com

wmgon.site

sareecraft.com

balladhealth.expert

osdauto.com

535395.xyz

grafschaft-hauenstein.info

orderlacabanatica.com

buttergrill.com

carterroecapital.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

tmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB