formbook | d62ae54fff793497fb9068e7349b02f4[.]bin

General

Target

d62ae54fff793497fb9068e7349b02f4.bin
Size

185KB
MD5

d62ae54fff793497fb9068e7349b02f4
SHA1

82910e8a419cf3d098e4414f9bf54070823d7953
SHA256

ed7cffa33cba2ae44d44f61137d598743a1e9a3c20a66d5a77381e39846ad3be
SHA512

ba8dc5428511e7a07c8f89070df80ea1738417aec1bce7c65dcfc44ba2ee1fa89498297f9d69efc386c62fde1a439ee2758716d3ec12a59f780eafd155d549f7
SSDEEP

3072:0e7Cagk1zd/d8D3IQu7ubvWJCOiVsoCnO5lV+E:0CMrIDybvWJ7iVsU

Score

10^/10

rat pg21 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pg21

Decoy

tfcservicesaz.com

mpstock.xyz

bireus.xyz

joof.xyz

rollitaway.com

mindrocketagency.com

ng014.xyz

be-simplify.net

unitedheathcarepa.com

frkswyf.com

ourdivinedynasty.info

ratoxiclub.xyz

abutest.com

coothohh175-biglobe.xyz

tureau.com

pankajkhairnar.com

sparkleupny.com

sydneycream.com

lartigue-demarbre.com

institutofisherman.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

d62ae54fff793497fb9068e7349b02f4.bin
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB