formbook | e807e8e0425875cb3aaae933da3ba3752c7ca0bf87bef7c7803ba58c114854bc

General

Target

e807e8e0425875cb3aaae933da3ba3752c7ca0bf87bef7c7803ba58c114854bc
Size

181KB
MD5

12e2ac39fdc91ce7e72a2a4e82e3e8db
SHA1

90f5489fa55316e58f7d558124d0d2aaef7c72c2
SHA256

e807e8e0425875cb3aaae933da3ba3752c7ca0bf87bef7c7803ba58c114854bc
SHA512

eca47f00f46e4cc92e9dc8a40200cb111c0d0643d930b0d896847ff58c11558784d8bf1006320f4ae4a863811898b00c4896bac5f8e1b01195f491c44aac39d5
SSDEEP

3072:tkawgkmBuqUEpo3kqQ1ntywCjKLB8VZUeyuG55PzqHOFjy35y3QwW/d:ksDmkX1n8TKLB8QyGPzqyj93C/d

Score

10^/10

rat tc10 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tc10

Decoy

mwigyu.com

sepuluholx.com

nsdigitalagency.com

horrorkore.com

santaclaracoimbrakarate.com

myeternalsummer.com

laosmidnight-lotto.com

haremp.xyz

boyace.top

unusualwithdrawal.com

wildflowerkidsri.com

backlitvps.dev

topwellgas.com

k3nnsworld3.com

wanbang.xyz

cntvc.net

sjcamden.church

pussit24.com

claml.com

statisticsturkey.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

e807e8e0425875cb3aaae933da3ba3752c7ca0bf87bef7c7803ba58c114854bc
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB