formbook | 175afe9e12a511bbd4b611c0c8d57c2279ba00357870187d7bdf8cb20fcbaf82[.]exe

General

Target

175afe9e12a511bbd4b611c0c8d57c2279ba00357870187d7bdf8cb20fcbaf82.exe
Size

181KB
MD5

347a3d46cbbc2d1455dbd273eefc1d38
SHA1

0193824561023a31cbf57888f7fcee045235da59
SHA256

175afe9e12a511bbd4b611c0c8d57c2279ba00357870187d7bdf8cb20fcbaf82
SHA512

47374e92b2d38ff7bc99eed4c0c8219c49cb3626a5dc9cf87385dc243a511c586ba5d37e647b4613ae1014aaee7e8898cd2056200e8db92a1f7d61ef7064f0e0
SSDEEP

3072:P81ZkcOYX2iR3h7+gMJOTKjgtCjoEilKag3Tx+Cf9:SRNhig1TKjgtCMPST4CF

Score

10^/10

rat d03s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d03s

Decoy

laurasgreenleaves.co.uk

fantastik3d.com

jsstee.com

foodynation.co.uk

3623wnorthgate.com

titanmedical.africa

keithjacksonlifecoach.com

kardilah.shop

crisscrossfishsauce.com

lojatanamao.online

ceways.com

holybreadstudios.com

c66u.xyz

poococoin.net

exipureyour7best.online

easterislandfoundation.net

09448.voto

gzbzxyy.com

0uqx.xyz

agentfarah.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

175afe9e12a511bbd4b611c0c8d57c2279ba00357870187d7bdf8cb20fcbaf82.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB