formbook | 63351d94c96745a2830b1a206583511c04d1f78cd631d2c51c08cfd391f4a211[.]exe

General

Target

63351d94c96745a2830b1a206583511c04d1f78cd631d2c51c08cfd391f4a211.exe
Size

181KB
MD5

34b079f213dbd387f13cce2c610d3d57
SHA1

b6ac63a8b8878ac6d5e10487d32fbef9f4aed32f
SHA256

63351d94c96745a2830b1a206583511c04d1f78cd631d2c51c08cfd391f4a211
SHA512

42db6308a851094feb8b599a6bdbefc4e398f9392ca7d20eb8fb1291d02f79a6c6d5cda1f15f80e4fd33055e640aded18c5543b9105079b41d718722e4529e90
SSDEEP

3072:U0rOkQDI/W0mY3n07s1DUaYXk9BJb1Uy5LKZcNNJq0Lpq+KymRAykMdw8:OTWnu2UaYXknnjKeNj1LtKVUMu

Score

10^/10

rat b07o formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b07o

Decoy

rpalmerdecorating.co.uk

magellanalytics.net

28yorkave.com

woodburnershop.co.uk

jcw-media.com

helinica.com

yuaneju.com

akypan.top

cavidahome.com

annaswiatkowski.com

123findcapital.com

danielle.nyc

dhcons.click

ocnarf.co.uk

1wowoc.top

corbett.one

extersolutions.com

fcukart.com

fadaona.online

guangness.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

63351d94c96745a2830b1a206583511c04d1f78cd631d2c51c08cfd391f4a211.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB