formbook | 28064cadca7850f4a9d77345a0e1b620[.]bin

General

Target

28064cadca7850f4a9d77345a0e1b620.bin
Size

188KB
MD5

28064cadca7850f4a9d77345a0e1b620
SHA1

be28329bbe8aa7a81c32bdae2841ffb7286c2c10
SHA256

fa0b6404535c2b3953e2b571608729d15fb78435949037f13f05d1f5c1758173
SHA512

6072aad8406450328eb67f46227794def39f7952a40615e3b4cbe8bd678f36bf7b14d63a785558b632a3250489d9836c1bdba196ea8806f6ac7c4f818ddc39fd
SSDEEP

3072:xGva3koBxEF8cwg13q5iwidqrU7NlpRvKCcBKaFx8bzuzZQz/:5SZqMw0qrU7Nlf+BKaFxmzB

Score

10^/10

rat g2d8 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g2d8

Decoy

scotiaperu.pro

professorhelpmepublish.com

fgav8c.xyz

wheelsofarabian.com

hakotog.com

clorecx.online

416077.com

axilonlogistics.com

lycomfg.online

redsschool.com

pirateslife.uk

zjjysws.com

xn--conexox-1wa.site

bgbegone.com

justkitchensolutions.com

bankingofoklahoma.com

ontop88.pro

spicedrone.com

nashvillelistingphotos.com

stockast.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

28064cadca7850f4a9d77345a0e1b620.bin
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB