formbook | 51054c5181fc248a1642dc3a5cdb7f353aaf5d136aa20bdc59084970e74c5a8b[.]exe

General

Target

51054c5181fc248a1642dc3a5cdb7f353aaf5d136aa20bdc59084970e74c5a8b.exe
Size

181KB
MD5

7d73c712c23895a7ae8c83c40c004b52
SHA1

3a92a36723b1d765368f29f3e448d256b31f50ee
SHA256

51054c5181fc248a1642dc3a5cdb7f353aaf5d136aa20bdc59084970e74c5a8b
SHA512

671f5b7af9466240f8469bd9035332e12beff9c2fe068f391f4cbe56058002a75742f648c029ff50961a3ce82ae7d89f5626954aeeef6666de97d39f0aa8fb51
SSDEEP

3072:A0rOkQDI/W0mY3n07s1DUaYXk9BJb1UypLKZcNNJq0Lpq+KymRAykMdw8:yTWnu2UaYXknnTKeNj1LtKVUMu

Score

10^/10

rat b07o formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b07o

Decoy

rpalmerdecorating.co.uk

magellanalytics.net

28yorkave.com

woodburnershop.co.uk

jcw-media.com

helinica.com

yuaneju.com

akypan.top

cavidahome.com

annaswiatkowski.com

123findcapital.com

danielle.nyc

dhcons.click

ocnarf.co.uk

1wowoc.top

corbett.one

extersolutions.com

fcukart.com

fadaona.online

guangness.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

51054c5181fc248a1642dc3a5cdb7f353aaf5d136aa20bdc59084970e74c5a8b.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB