formbook | 7724828eb796d8c3310c8af73e9c19ecf37ad1af5ebc0cbd35efc5d4b36f36d2[.]exe

General

Target

7724828eb796d8c3310c8af73e9c19ecf37ad1af5ebc0cbd35efc5d4b36f36d2.exe
Size

181KB
MD5

cd16e966cc0e3f0f102d9c157dd82e4e
SHA1

9368d50e547cbaa1fa184bd21bfb089ddecc7b72
SHA256

7724828eb796d8c3310c8af73e9c19ecf37ad1af5ebc0cbd35efc5d4b36f36d2
SHA512

bbf4f8afe5a167eeebc8b9e9b2db358000fcd22d6391d0932b800ca69fe2cd0f534c19d9b62c9fa22853806ed6b56db110327764258444cce343636a3bf3dda5
SSDEEP

3072:iwJFEh7A2hy+b13/R6r6Kj9uWc7eKIdo0Z56zGDX+SGj2g9v:a7NZ/EeKj9uWbKId7nBX+z

Score

10^/10

rat re29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

re29

Decoy

barnstorm-music.com

gazzettadellapuglia.com

baratieistore.space

cdrjdkj.com

carlissablog.com

langlalang.com

2886365.com

aq993.cyou

jwjwjwjw.com

car-deals-80304.com

dikevolesas.info

buycialistablets.online

theplantgranny.net

detoxshopbr.store

imans.biz

fightingcock.co.uk

loveforfurbabies.com

eastcoastbeveragegroup.com

alaaeldinsoft.com

microshel.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

7724828eb796d8c3310c8af73e9c19ecf37ad1af5ebc0cbd35efc5d4b36f36d2.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB