formbook | b45be59343f5970290662dc9e333544b0e467b88896fb37e4a334049101aa8df[.]exe

General

Target

b45be59343f5970290662dc9e333544b0e467b88896fb37e4a334049101aa8df.exe
Size

181KB
MD5

9b087019943fbcd5c15159ab82666c81
SHA1

1f65560d44dfc42b43fa7b7c9531c555ad12c552
SHA256

b45be59343f5970290662dc9e333544b0e467b88896fb37e4a334049101aa8df
SHA512

9d01c89fb871ce390164bdecc706490accfd2e488d5c7e186fb81aa48d1f269f1154ff99599aaa0cc71bfeee28dcc5a8c41408f2acf88448031e567abdb40247
SSDEEP

3072:wMBQkmTYiXi0BT35B3Gixc6qzm3QHvC7YhK1f/irMOmdNdO:YIu75pGic6qzm3ovMY6fKrKdNd

Score

10^/10

rat o12i formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

o12i

Decoy

dbepa.com

isenseot.com

trainwithmichelle.co.uk

eqhired.com

crushthehacker.com

fineartintimates.com

alphabet1x.com

gdnfys.com

bauav.com

frommm.com

easyquicklabs.com

cat-cazino.buzz

lowpriceaxis.com

brendaalonso.net

darkblissclothing.com

betrar355.com

help-web.ru

asxoffice.com

cityofparistx.com

beriterusyah.click

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

b45be59343f5970290662dc9e333544b0e467b88896fb37e4a334049101aa8df.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB