formbook | b63fc3cb35e5d0f4dc71f25e700b86c151d30efe022d43a3033fe25499d720d7[.]exe

General

Target

b63fc3cb35e5d0f4dc71f25e700b86c151d30efe022d43a3033fe25499d720d7.exe
Size

181KB
MD5

c15cbd34b23dff033b38f3cfabd93d5e
SHA1

fdd1403bd3c2084cd63639500e60f111f04524eb
SHA256

b63fc3cb35e5d0f4dc71f25e700b86c151d30efe022d43a3033fe25499d720d7
SHA512

c78d595c62b86d912dc980c0e5f67fc01a7c8867238e9c769e70e651285772cd18c9da93294c170914ae9520eaf4a8eedb2d9b94759e36a85033f72d8890c4c5
SSDEEP

3072:kQoEcpycyGf63ktgBZsKlNgoDi6CzMtiMmLtWUHnVg5:+QA8kGB6KlNg8SMsMGtWgVU

Score

10^/10

rat nn23 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nn23

Decoy

sheilcyfashionstore.com

koikapr.com

brixu.xyz

clickoffice.club

baltimoredickens.com

alfa-production.com

ff84567.com

recargatucelupersonal.uno

carefind.co.uk

homeair-conditioning.com

ozbitkisel.net

jastech.africa

codegiare.shop

earthlings.estate

aluminiosmiquelsoler.com

wetcamera.africa

gkcihep.cyou

circlesewingvac.com

95525.vip

91yz955.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

b63fc3cb35e5d0f4dc71f25e700b86c151d30efe022d43a3033fe25499d720d7.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB