formbook | f0a5c2339933c5547d78a0e2015cff25fadc7fe2d56f8822202f874c1a8b979e

General

Target

f0a5c2339933c5547d78a0e2015cff25fadc7fe2d56f8822202f874c1a8b979e
Size

181KB
MD5

d926a90d5e176eaa4d0b7dd98cf45dd1
SHA1

ca8bc9fe7f737a4a8f5813aae5b1c011c7421c84
SHA256

f0a5c2339933c5547d78a0e2015cff25fadc7fe2d56f8822202f874c1a8b979e
SHA512

48bb5cb5cacd7784cb14fc5faaf07c4a0045beecbb6a6e53b4582bac2f2d90f738aa6680409aee9143b2d9cdbcb6ed4176879d7322f4a3de9d0597635bad3134
SSDEEP

3072:GytHk412ERXjg305CEqYwamyFM3d1aaTqI4+EZkz+SFY+bcIPVL0:dru0MEqnamyFM3d1acqIKLSFY+zVL

Score

10^/10

rat p25s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p25s

Decoy

krautdialer.com

jasmine-baba.com

jdyokum.com

lingeriepourdames.com

freefontforest.com

32612.xyz

katkisiz.info

blueskyinteractives.co.uk

ieruiw.top

nurfedui.net

allsttk.com

tanglwood.net

gyrationtechs.africa

tpsplant.africa

kp-morioka-minami.com

aiindianapolis.com

axesslimousine.com

shopvougs.com

couldskuathink.com

aformulaonline.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

f0a5c2339933c5547d78a0e2015cff25fadc7fe2d56f8822202f874c1a8b979e
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB