formbook | d0f12689eacf1ad6c798d62635bf7f18a855264a42e072ca9a2cb6a742a39dba

General

Target

d0f12689eacf1ad6c798d62635bf7f18a855264a42e072ca9a2cb6a742a39dba
Size

181KB
MD5

55928e32379750d6a8de4a645b9c5599
SHA1

74585436b947aa304b26fa718a6e82ce0ee1d438
SHA256

d0f12689eacf1ad6c798d62635bf7f18a855264a42e072ca9a2cb6a742a39dba
SHA512

636045d50d01b88b12ddda006ac7af712601aadc0ed18d4189633c59ec9b63a51e9dcaf98ca7ab258f9c65af29911cf9013b6dfc1d4eb050a15269340336aea1
SSDEEP

3072:IbX4kQvFJdO43t/c5scFV6hP/zSJRKUweMoeks3jG1ZlRRR:PU2tk5B6hP/MK9e3eHzG1Z

Score

10^/10

rat n13e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n13e

Decoy

cowiemarketing.com

uniqueliquidz.co.uk

755259.com

7bw95.com

luxbarstools.co.uk

baccaratda.com

berkayakpinar.xyz

gistus.africa

hjd387.com

leave-fly.com

golfclubdaddy.com

engineeringea.buzz

countryrevisited.com

decoracioneskalite.com

imaginationlirbary.com

moneytransfer.africa

brainwaveproject.com

3039sjbqf2022.com

184hotels.com

aromamiaro.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Files

d0f12689eacf1ad6c798d62635bf7f18a855264a42e072ca9a2cb6a742a39dba
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB