formbook | 3c0502b791c861356ec9f97a2324f5bc20852dbc2a203bd427fc247955faf16e[.]exe

General

Target

3c0502b791c861356ec9f97a2324f5bc20852dbc2a203bd427fc247955faf16e.exe
Size

181KB
MD5

1866f12158e36e6590352c97ae627647
SHA1

1507630e0108daa802041529e67452e3c7b8be55
SHA256

3c0502b791c861356ec9f97a2324f5bc20852dbc2a203bd427fc247955faf16e
SHA512

4e0723e41b79a3a8074e4c001a8b4218b9045d9ee576e2c0755632421516a8aad66495edb1a027f6934d4ae4ff401f784bc98909ce1f023736f0881814206975
SSDEEP

3072:QxsKECe7s8QoDn3k8Q5sREIKZq6q6G+dM+Sws17imXbd5Z+uwtef:uc3k5+Kq6q6G+dMis7HAuwc

Score

10^/10

rat gg62 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

growfast.africa

lerema.com

38945.se

wheelfermotors.africa

giftshareforyou.online

burrismktg.com

keepgrowing.uk

efefhomeless.buzz

bryanokoh.com

fashion-clothing-40094.com

andreasunshine.com

naijahood.africa

aditrirealty.com

kinnoitodatsumou.com

cryptoqzclimax.com

hairly.biz

comeuphither4.com

integrity360.ltd

flushywhole.com

8869365.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

3c0502b791c861356ec9f97a2324f5bc20852dbc2a203bd427fc247955faf16e.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB