formbook | 6147af8263840617beb21652bb8db0fc7683a9e62a084254e548a884c8fa9a31[.]exe

General

Target

6147af8263840617beb21652bb8db0fc7683a9e62a084254e548a884c8fa9a31.exe
Size

181KB
MD5

804ed16d25be0e661279437f545148b7
SHA1

fad4bfd47598ee39c7b52045df76900d19428cd7
SHA256

6147af8263840617beb21652bb8db0fc7683a9e62a084254e548a884c8fa9a31
SHA512

71c9fa27f4986119d77dbe06de57639efae6751c106df7e16c3cf295c22da713ca6462701463ef580e3bb0592126d8f9c7349e60eb0a9a364b1f25691781a5f0
SSDEEP

3072:jkGpvkIuA/rLk3cxK12P4sav3lgRWLJiW8fWs01LhUyu1TkV6L3hB0:b9Kc412gsav3lgRkkq967NL3

Score

10^/10

rat jr22 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

jr22

Decoy

941zhe.com

lunarportal.space

xn--osmaniyeiek-t9ab.online

trejoscar.com

nrnursery.com

quizcannot.cfd

seedstockersthailand.com

watsonwindow.com

wjfholdings.com

weziclondon.com

naruot.xyz

yeji.plus

classicmenstore.com

oharatravel.com

therapyplankits.com

keviegreshonpt.com

qdlyner.com

seithupaarungal.com

casinorates.online

8ug4as.icu

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

6147af8263840617beb21652bb8db0fc7683a9e62a084254e548a884c8fa9a31.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB