formbook | 08844badf5c2bdd4dc6da38cfd0d774768efe5383f2a10ab811ade9e6c1c0eec[.]exe

General

Target

08844badf5c2bdd4dc6da38cfd0d774768efe5383f2a10ab811ade9e6c1c0eec.exe
Size

181KB
MD5

c8c79a69eb143a1a7b7fd152143a4d90
SHA1

011404cd67f49a5983d47b5e42f5ad56f273e86c
SHA256

08844badf5c2bdd4dc6da38cfd0d774768efe5383f2a10ab811ade9e6c1c0eec
SHA512

16cf0c71de5973f9dbd518fc80b678cb701bcb51dc749e9c74faa516460a6562b2c71cfd7431c7db0725a1cf16a825e9f59987f6915df6c60b12c921b4376a75
SSDEEP

3072:Q4PEixFNc4m30iFoXjqApJffiJWZLWp5fD04:vxQ0iozqApJf68ZLQ5fD3

Score

10^/10

rat hs95 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

hs95

Decoy

capitalpartnersintl.com

learnotctrading.africa

kokotripbali.click

laserelitecreations.com

55522.voto

hezop.xyz

6n992.com

aelh3s.shop

victmcomssioner.org.uk

7xwithlove.com

gregdf.click

thewarehouseconsultants.africa

ilbufalaro.online

bulkcheapstamps.com

etismc.top

beautyby-eve.com

dabopixel.com

freddybrowne-17.com

heat-pumps-11472.com

cleaningbyeve.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

08844badf5c2bdd4dc6da38cfd0d774768efe5383f2a10ab811ade9e6c1c0eec.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB