formbook | ebfda63ad26286641f86b1a38cecf83d319df89d550f77a696e6adc50bf002af[.]exe

General

Target

ebfda63ad26286641f86b1a38cecf83d319df89d550f77a696e6adc50bf002af.exe
Size

181KB
MD5

c2f0097bc145fa2feafcc0cc2ba94688
SHA1

c8e57c780ccee0d07f0b268febc853376cf1ece0
SHA256

ebfda63ad26286641f86b1a38cecf83d319df89d550f77a696e6adc50bf002af
SHA512

a8d4547348fd8befbec3e42f6c142081aa9e4b487a67fc0301d6bdc2d81d672206d5c3a39034fc7a23749a77845083c0e49c07d00d93558b1bbdfac46c59a3b3
SSDEEP

3072:he0U3Eovo9ZvEnb3tWG12IYCKpn5X/oDpcndrYP4jL5MC8xOACocI:6v9ztJ128Kpn5UkYPO8xOS

Score

10^/10

rat a19i formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a19i

Decoy

onelovefungi.com

paperlesspoop.com

perfectsalaries.com

tutor-dashboard.com

canucksshine.com

brl-mo6.online

fathistudio.com

iptv-3.com

hbombmedia.com

ifizidi.com

dahuaguinee.com

jyrbz.com

aawwuk.com

aina.health

socialbod.com

27mk.top

gnomeswhognow.net

unrivaledpurpose.com

randy.cloud

referralcodesmarket.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

ebfda63ad26286641f86b1a38cecf83d319df89d550f77a696e6adc50bf002af.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB