formbook | 0x000a000000012767-58[.]dat

General

Target

0x000a000000012767-58.dat
Size

185KB
MD5

030508e78953c220beed8a6e856335a9
SHA1

60c9a3ce572bd74ef86837ae5d290b6360ffbb30
SHA256

994a76463819c8691e5312bac1cc731da7c954c3bd7b8a6263c005b2510c08d5
SHA512

de9c126f9a5dd4d8ae244d78a3dd3a1266a6f8bff2edb5cb402b974750e3e1b6ccd7b4f0a2a3429d9e76d87c325a901ed1463ec202927bcf01d9b0dad8d94418
SSDEEP

3072:fftKkkopI9a9v3V5yjvqu+aNTQ4xTZanOOY3Cezup8D:3FvVYrqu+aNs4lZihY3CezHD

Score

10^/10

rat hh20 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hh20

Decoy

pdeals.net

pipelineplumbingheatingair.site

migrant.studio

yyla.shop

hbjrjxsb.xyz

kenlov.online

totaleliteme.com

joincorpoverview.com

quietgrass.com

shopdetox.online

afyalab.com

jieshuo.art

k-crafts.com

ohiowcsolutions.com

octjo.com

huayanger.com

lowsugarbakes.com

appsdeconfiance-10.com

outdoormakeovergroup.com

venturi-construction.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

0x000a000000012767-58.dat
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB