formbook | 9739b15bd8493e99e281d62d213ddc4cce684b1e833af4634932c57a669035fc[.]exe

General

Target

9739b15bd8493e99e281d62d213ddc4cce684b1e833af4634932c57a669035fc.exe
Size

181KB
MD5

00a41a4804673581f675471bffa2bafc
SHA1

a9ebc4956b89e080451dbe619176a7e9ab8c8dd9
SHA256

9739b15bd8493e99e281d62d213ddc4cce684b1e833af4634932c57a669035fc
SHA512

f5136ac20e83e69492288e70de29c628517983f4e32e4f07bf61cdae8273d7eebbdef35febec348189a79433abb65f23943cd62cf40a16711eca3751c4a3a8cb
SSDEEP

3072:9SBtkUimUbUffP36DCEtnaBlVTeWR5vcLtWA0AN87GqgodtpVu:SFHP62IaBlVyW7sQK87GAjpw

Score

10^/10

rat nu06 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

nu06

Decoy

cutmentor.net

alexwright.xyz

gymbastic.com

creperie-lalios.com

equipmentblock.com

zwangerschapvanweektotweek.net

asimulationcompany.com

g9technoinnovation.com

bestbirdies.xyz

addhair.online

get-breakfastburns.com

aex-studentki.guru

jhpx888.com

gemologic.dev

thegreencarshop.co.uk

alessandromargonari.com

cosmosynz.click

letstalkreparation.com

bka-i.com

hervelegerdressshop.co.uk

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

9739b15bd8493e99e281d62d213ddc4cce684b1e833af4634932c57a669035fc.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB