formbook | 24552144f5fb02e6e73e46581a16dfd23eaffa02b90781f34f0b3692cab926d4[.]exe

General

Target

24552144f5fb02e6e73e46581a16dfd23eaffa02b90781f34f0b3692cab926d4.exe
Size

181KB
MD5

883a36165d45cffa69e01d06532d3958
SHA1

4034cc0bc72a474fca5204528c658e6f79e0de4b
SHA256

24552144f5fb02e6e73e46581a16dfd23eaffa02b90781f34f0b3692cab926d4
SHA512

d136a91a0bf4e4ab8bf1152e33fbac22e4ee19bae6de8f11fd7488534cba42ccf2ac7b0e98a648e7712122dbf6ff3f471649e8b35572af7fc94131c7b35ea21e
SSDEEP

3072:SOd+EHnpnQrnYS3sxfFHLhZlJ6AoRh3kd/+fkuedOd7RoLG3yHY:ZPJFEsVF/L6AoRhA/gpoLZ

Score

10^/10

rat dr62 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dr62

Decoy

juanbrujo.com

toptasker.africa

g-labs.one

1redbuckpermonth.com

lasolutions.online

beginagainmen.com

iearn.site

leading-car.ru

codigosindiabetes.fun

6y8ud.bond

fptmarket.shop

ctjhxv3.vip

huluxia2.xyz

piggg08.uk

kms-pico-tools.com

westonandcate.com

giftrendz.com

kqwdhrendfywefdst.top

anchitchoudhary.com

sistemodasi.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

24552144f5fb02e6e73e46581a16dfd23eaffa02b90781f34f0b3692cab926d4.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB