formbook | 24_5df985493ee4e1c58b4c0698ec38322284d805227b0110d4dae2d6139fba4412[.]zip

General

Target

24_5df985493ee4e1c58b4c0698ec38322284d805227b0110d4dae2d6139fba4412.zip
Size

130KB
MD5

27d00104d240c6a01dc012502d5cb7c6
SHA1

fe4d71f4c0b6d6b2549538ea9432351b4ad972f3
SHA256

ac9cd34ce738d41b188e8c09023e18383a5a023ef9ddd900fed43fbc49e5c906
SHA512

95b71417ed0d270bd0e538553821d01836fe7ffa34a024c4b70a2f40bed289aeb4d0453f4ea6e935a38cd8a4e4b711da6371e1bc5ba35104f1637ebf1634c553
SSDEEP

3072:lP9Jr1T8+egwBLNYKxqG09//nX/Nfyr9CT5qVqA6:t9JBo+egYLJpkf/sET5GqP

Score

10^/10

rat mg24 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mg24

Decoy

jhae3jp.store

generalfirstaidcourse.com

breville-accounting.com

homeinthehamptonsny.com

amphibiamerch.store

lagosstateteacherawards.africa

955.global

longmaosh.com

crblwks.com

horliga.co.uk

classicdancehitzofficial.com

crytodefi.online

huachunjianshe-sh.com

hotel-la-cascada.xyz

avastate.com

cheapweedseeds.com

abgroupthailand.com

context-switching.com

drsolarshine.site

nxeliz.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

Processes:

resource	yara_rule
static1/unpack001/5df985493ee4e1c58b4c0698ec38322284d805227b0110d4dae2d6139fba4412	formbook

Files

24_5df985493ee4e1c58b4c0698ec38322284d805227b0110d4dae2d6139fba4412.zip
.zip

Password: infected
5df985493ee4e1c58b4c0698ec38322284d805227b0110d4dae2d6139fba4412
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB