formbook | 6ceaa76d5931dc79637ef15f83d892860d242f3f26f21852f174fdaac338667f[.]exe

General

Target

6ceaa76d5931dc79637ef15f83d892860d242f3f26f21852f174fdaac338667f.exe
Size

181KB
MD5

033211fe3d02e85519cf52962a79d9aa
SHA1

3a90baf6e13196cf4e4aae784383187ecf462347
SHA256

6ceaa76d5931dc79637ef15f83d892860d242f3f26f21852f174fdaac338667f
SHA512

3065901a42ae577f832f0eaf6345cd70d6ca49b38f80138fe03e0123a722eea8c0501b881a367318a4f1fa9dcb08ff7d4ab5e3bd3c2567c9e9293e6f9d24d9c0
SSDEEP

3072:se0U3Eovo9ZvEnb3tWG12IYCKpn5X/oDKcndrYP4jL5MC8xOACocI:Rv9ztJ128Kpn5vkYPO8xOS

Score

10^/10

rat a19i formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a19i

Decoy

onelovefungi.com

paperlesspoop.com

perfectsalaries.com

tutor-dashboard.com

canucksshine.com

brl-mo6.online

fathistudio.com

iptv-3.com

hbombmedia.com

ifizidi.com

dahuaguinee.com

jyrbz.com

aawwuk.com

aina.health

socialbod.com

27mk.top

gnomeswhognow.net

unrivaledpurpose.com

randy.cloud

referralcodesmarket.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

6ceaa76d5931dc79637ef15f83d892860d242f3f26f21852f174fdaac338667f.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB