formbook | 0x000a000000012311-58[.]dat

General

Target

0x000a000000012311-58.dat
Size

185KB
MD5

d3ac8e00dd791752d47327d53cdb2515
SHA1

5f820ebe7772a56d71096356443b858ae0b52276
SHA256

e3bdaf1daee2ad35479c213122391cb3d27f193896aef414ce6edb516c0133aa
SHA512

4f181b863e792212507b48374b232ccffa0528a915f3f41529205a3da5c6ce2c8063ad50b57f5ec2bb0e1126eb4d2ab9eb34036d014d633c0eecf3771fff3579
SSDEEP

3072:0I9LEU/TKT3eC32JWqk6IIlYVNsbU49nY9TxZiC:dt02856ImYPsvnY9TxZ

Score

10^/10

rat c0e5 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c0e5

Decoy

educao.pet

e-race.store

clitzhyper.com

webcheetahtech.online

akkarr.online

odevillage.fit

yaignav.site

191u.us

misionartv.store

leadingpastor.com

claudio-vega.store

9mck753.com

system-reminder.live

landsharesfg.net

lmcsf.top

mkstoreacesse.com

2023.domains

yb8.mobi

2q02f4fyxg7ybb18.digital

logtray.shop

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

0x000a000000012311-58.dat
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB