formbook | 860942d3b0190341282f2ae2d76d65f0374698fc48852aeda79966130bd68216[.]exe

General

Target

860942d3b0190341282f2ae2d76d65f0374698fc48852aeda79966130bd68216.exe
Size

181KB
MD5

6036aa1bb059db77e67d0163c0d23f49
SHA1

19ec478159081f73ef92bf2ab3a6d96d7d323062
SHA256

860942d3b0190341282f2ae2d76d65f0374698fc48852aeda79966130bd68216
SHA512

bcf50cac444c84e6fd970f59d007b75f18083d1938e55c9fd5ed2331af2bd5dd04b68b56a3228c257530b16b694e99084f862db0255c5fd86a4412ce51d32c9a
SSDEEP

3072:5Go6CkmJlwL7Vx39cQ95fgbEEvcbIKVm1xhRXloxIL7:i6uBt9d9NgbEEvcbIKIxRaxIL

Score

10^/10

rat fh11 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fh11

Decoy

dejeucrew.com

naijacash.africa

hhnego.cfd

freeentitys.com

acestrix.com

family-doctor-38536.com

kelleyhomegroup.com

ridamedicalsupply.com

ease.dev

moneyerase.com

ax-assess.com

dexzec.com

lazada.cool

themontery.africa

4help4all.com

fxfreedom.vip

twitterabout.com

kensingtonbuisserv.co.uk

488677.vip

akfomtechnology.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

860942d3b0190341282f2ae2d76d65f0374698fc48852aeda79966130bd68216.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB