formbook | b4ae90babbf85fb137c173dbc6a8791c9b40a7d9b32ab70ef81284736c683710[.]exe

General

Target

b4ae90babbf85fb137c173dbc6a8791c9b40a7d9b32ab70ef81284736c683710.exe
Size

182KB
MD5

fecd6f2a5e4a94cc09b721727a86295d
SHA1

8d62a8780080340e42046dd40185da0f9207a9f7
SHA256

b4ae90babbf85fb137c173dbc6a8791c9b40a7d9b32ab70ef81284736c683710
SHA512

a1a1b7de84cb298a497f53b1e159fb2f424eb9b6a9ffcba0b9b38748fee4be6a419ce2ccd3e8467d361740bb25f36aefb8db5cd6969942f5dc18cb387aadc21a
SSDEEP

3072:gPEUkhyXt4Dg3h4IM2GH4j7evbUluEApIpZ7HYrqHbq5cPmmDU:tBuhFMDYj7ev4luXpIYrqHis

Score

10^/10

rat sy22 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy22

Decoy

logichunter.com

kp34.vip

ellementscrystalco.com

investcentre.club

veloxcarriers.africa

luxureejewelries.africa

clubmaie.com

gomophyio.site

usapaperballots.com

endviolence.ooo

cambrianopps.net

melkas.africa

arcteryxphilippinesstore.com

ancientcrew.com

davisgeneral.store

vieop.online

homemaintenence.com

jobrides.com

cheaphealthyfood.com

creusetonline.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

b4ae90babbf85fb137c173dbc6a8791c9b40a7d9b32ab70ef81284736c683710.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB