formbook | 01ab7eab84acdfbdf2f3addd8894d10cfc7993c11c7cfb3754fb649d9be86264[.]exe

General

Target

01ab7eab84acdfbdf2f3addd8894d10cfc7993c11c7cfb3754fb649d9be86264.exe
Size

181KB
MD5

98994d7606e0c9da417024c03c54b591
SHA1

fa4e90845234e35c27fb5d1a2f61fd02d5c3d3f7
SHA256

01ab7eab84acdfbdf2f3addd8894d10cfc7993c11c7cfb3754fb649d9be86264
SHA512

ecd5c8fe6deca84bbfefab70cbea0f2ab20663d4e0317b44514d639f208c1038298b1fd4890b10210564c49c4d168ff97d1f7a978b00a8e2edfe9e4a77246506
SSDEEP

3072:2bX4kQvFJdO43t/c5scFV6hP/zSJRCUweMoeks3jG1ZlRRR:BU2tk5B6hP/MC9e3eHzG1Z

Score

10^/10

rat n13e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n13e

Decoy

cowiemarketing.com

uniqueliquidz.co.uk

755259.com

7bw95.com

luxbarstools.co.uk

baccaratda.com

berkayakpinar.xyz

gistus.africa

hjd387.com

leave-fly.com

golfclubdaddy.com

engineeringea.buzz

countryrevisited.com

decoracioneskalite.com

imaginationlirbary.com

moneytransfer.africa

brainwaveproject.com

3039sjbqf2022.com

184hotels.com

aromamiaro.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

01ab7eab84acdfbdf2f3addd8894d10cfc7993c11c7cfb3754fb649d9be86264.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB