formbook | 7f8d1823d07c98a5ea6e9d2848faf940231df09568b4fee525f18ea59d6094bc[.]exe

General

Target

7f8d1823d07c98a5ea6e9d2848faf940231df09568b4fee525f18ea59d6094bc.exe
Size

182KB
MD5

2751d4a631a88c9ebe38e0e53737575b
SHA1

cb7aae218282f22021ca5857059fe0e7f93e7c98
SHA256

7f8d1823d07c98a5ea6e9d2848faf940231df09568b4fee525f18ea59d6094bc
SHA512

93f568a83fd64b307985c5d46a5a438f6356934e9dec799bae942ca61d9aca0b78d3298d48610e586a6f0bdf4abca0d6831c71d3831481c5cc1860d8833ad56c
SSDEEP

3072:/8QnUQwBFKRujtBxb7ZMcR0j2Rg8GYFsh9h2mQlufoRR84gHy0QtHnqkQ:XNFuHl7ZMcuj4K9CufoRVgS0SHc

Score

10^/10

rat cs19 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cs19

Decoy

asafkozmetik.com

hitcentersinc.com

healthcurezone.africa

umzontsundu.africa

llklkj456.online

simplyfetchingweddings.com

agile-workforce.com

efefcapricious.buzz

natalyrunner.ru

alain-jp.com

uhdtubesex.net

amerika-express.com

evolutionunited.com

digi-eye.app

10086o.xyz

airinsystem.com

fullbasketballacademy.com

kronoendustri.com

kujzap.cfd

ankleswelling.site

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

7f8d1823d07c98a5ea6e9d2848faf940231df09568b4fee525f18ea59d6094bc.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB