formbook | 255581af46ed0cf99c3fd8482d942238f5c34cc6935272cf85e2bb37e99a3d8e[.]exe

General

Target

255581af46ed0cf99c3fd8482d942238f5c34cc6935272cf85e2bb37e99a3d8e.exe
Size

181KB
MD5

28106bb091a513d0a65515b0d9b0cf3e
SHA1

303d7266e05c24a896600874e7870643190769d1
SHA256

255581af46ed0cf99c3fd8482d942238f5c34cc6935272cf85e2bb37e99a3d8e
SHA512

00725e8a73895274f567bafdb5970a22acd8b1e6f75ddb63fa657d0906c0c63c794f8bcb5e0f58512aacd115add0a1e552199b07a4a13702332da384bec4d3c2
SSDEEP

3072:k/0Er8+HYFqFXT3hkrlDi6fPluOgemTo4isVFCTHXzfhsb:2/cS7his6fPljgdCHXzfhsb

Score

10^/10

rat sz17 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sz17

Decoy

wearedcs.co.uk

ciomm.ltd

cleaning-rostov-na-donu.ru

globalinstrumentsindia.com

tzhysj.com

desguaceortiz.com

o2workshop.co.uk

letstalkaboutsucc.com

intentionalbath.com

corol-paris.com

laro777.net

goldenhavengames.com

ichabodathleticsfund.com

doferton.com

12thpresidentparty.com

adac-parts.com

leadersvoyages.com

propertyphotogeeks.co.uk

jj88n.top

ert396.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

255581af46ed0cf99c3fd8482d942238f5c34cc6935272cf85e2bb37e99a3d8e.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB