formbook | a7c74a43e1521ed01621bfe4d28e223f87a9e2999c8c5f8103a5c71ab93945bd[.]exe

General

Target

a7c74a43e1521ed01621bfe4d28e223f87a9e2999c8c5f8103a5c71ab93945bd.exe
Size

181KB
MD5

7fe7d5cb5f187fdb9af15553e21564e7
SHA1

d219878884c807fc48a1b9ab1f359d4dccf6d4a8
SHA256

a7c74a43e1521ed01621bfe4d28e223f87a9e2999c8c5f8103a5c71ab93945bd
SHA512

4856697ea7416e14a14a0327c384150d8190909a28375fccd7dd5471e165c8af0f1a325b55b17c578b1ef370693e4276fb2d2d079775fd73c863593f2d28e7ff
SSDEEP

3072:xhUGkDYGoZlE713FCjBl4rjBUQPMGAruJV8DE1j5qntnETX6:/CZF8BmrjBUQsMOAR5khETX

Score

10^/10

rat ga23 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ga23

Decoy

discosprofix.com

countryrut.com

indeedimmigration.com

nafex.africa

audit2022.live

ohmymarketing.co.uk

btexmo.xyz

family-doctor-13651.com

band-van-rental.com

atiquelibraryguide.com

woodlandchildcarecenter.com

johnsopenrealm.com

agencymylife.com

lit-energy.com

ishraqatranslation.com

oxfordsailtraing.org.uk

platinum-med.net

pinotnoir.rsvp

elementautomobile.com

gopromizosion.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

a7c74a43e1521ed01621bfe4d28e223f87a9e2999c8c5f8103a5c71ab93945bd.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB