formbook | f26fc4ea0c27824a013ffa528d0aee88dcaf5f4b5defd62b48ddf2facfaa5124[.]bin

General

Target

f26fc4ea0c27824a013ffa528d0aee88dcaf5f4b5defd62b48ddf2facfaa5124.bin
Size

184KB
MD5

60d0fd39807c962e45c1ad7388fdee93
SHA1

98dbb9f3c0c9e6ac3c5bf0fd987509f6f586423d
SHA256

f26fc4ea0c27824a013ffa528d0aee88dcaf5f4b5defd62b48ddf2facfaa5124
SHA512

f153f6ba16486985244dd24df96551357e182fa744eb4e69e5c43168fb05972e896d4cda363a0439d832a8e3dbd6351060a0dee70b9997c9ef6ccdedf8b93123
SSDEEP

3072:92TYPU26FOQJ9sjqFeTiqGaXI9BOkaqfm7hxkga++wimuBtzV:XH63siUlGaXI9Baquh3a+Ymw

Score

10^/10

rat g2fg formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2fg

Decoy

snowcrash.website

pointman.us

newheartvalve.care

drandl.com

sandspringsramblers.com

programagubernamental.online

boja.us

mvrsnike.com

mentallyillmotherhood.com

facom.us

programagubernamental.store

izivente.com

roller-v.fr

amazonbioactives.com

metaverseapple.xyz

5gt-mobilevsverizon.com

gtwebsolutions.co

scottdunn.life

usdp.trade

pikmin.run

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

f26fc4ea0c27824a013ffa528d0aee88dcaf5f4b5defd62b48ddf2facfaa5124.bin
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB