formbook | 0x00090000000133ec-58[.]dat

General

Target

0x00090000000133ec-58.dat
Size

185KB
MD5

a20ea9350fa5aa4d9641723f3dfc1b31
SHA1

c23cf2953ea071eac81740a687473442c66e73de
SHA256

01afe1517575e1fd7f60e86702fc11a97cfc74718e520c6016eef42fa164b4ae
SHA512

296b4ace0af1f33abb8c3c0262999b07c8ad6e9a4c075959b43335992f1058865581b2c7d362dc824ed787f61dc9c62338778cd28e12add2ac34b086ca62e035
SSDEEP

3072:MvcKNG8E11C6YVIu331anQzzaXqPzOOZy36OWQ8sSCxVCmif6:WNGvKeI3MMzaqPzO9tECxVef6

Score

10^/10

rat a24e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a24e

Decoy

flormarine.co.uk

theglazingsquad.uk

konarkpharma.com

maxpropertyfinanceuk.co.uk

jackson-ifc.com

yvonneazevedoimoveis.net

baystella.com

arexbaba.online

trihgd.xyz

filth520571.com

cikpkg.cfd

jakesupport.com

8863365.com

duniaslot777.online

lop3a.com

berkut-clan.ru

lernnavigator.com

elenaisaprincess.co.uk

daimadaquan.xyz

mychirocart.net

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

0x00090000000133ec-58.dat
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB