formbook | e8120ddaa86fc56ab083a38b22ca366809e5d1196f3c10175bc745e3dfd15750[.]exe

General

Target

e8120ddaa86fc56ab083a38b22ca366809e5d1196f3c10175bc745e3dfd15750.exe
Size

181KB
MD5

b851f841b33b2911c454b6126716e71d
SHA1

7628ab856d509adfcd7e8fc4212c71571faf9e2c
SHA256

e8120ddaa86fc56ab083a38b22ca366809e5d1196f3c10175bc745e3dfd15750
SHA512

680f8ff2c2184ab4f88b44743900ea5e6b399e1e13ef05ef2ae43542cc500e818881486ccae2220e3c147181111708395f33bc48e6e9d8220c2b5bd90f00b649
SSDEEP

3072:m81ZkcOYX2iR3h7+gMJOTKjgtCZoEilKag3Tx+Cf9:NRNhig1TKjgtCaPST4CF

Score

10^/10

rat d03s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d03s

Decoy

laurasgreenleaves.co.uk

fantastik3d.com

jsstee.com

foodynation.co.uk

3623wnorthgate.com

titanmedical.africa

keithjacksonlifecoach.com

kardilah.shop

crisscrossfishsauce.com

lojatanamao.online

ceways.com

holybreadstudios.com

c66u.xyz

poococoin.net

exipureyour7best.online

easterislandfoundation.net

09448.voto

gzbzxyy.com

0uqx.xyz

agentfarah.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

e8120ddaa86fc56ab083a38b22ca366809e5d1196f3c10175bc745e3dfd15750.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB