formbook | 7d0802716538acdbba606f1691225b66910af4603aaa096f3a84776c1e5b40d7[.]exe

General

Target

7d0802716538acdbba606f1691225b66910af4603aaa096f3a84776c1e5b40d7.exe
Size

182KB
MD5

d74904ff4bf13e6ff9432eeb924bacad
SHA1

20c4c52a00bdea0172e12c1fc87b551ddc7c9f72
SHA256

7d0802716538acdbba606f1691225b66910af4603aaa096f3a84776c1e5b40d7
SHA512

c4cb978bdd790d1fa7e7cbf0ace0038b925c614a4f6209d20abeab009c49f548d6bdaf045722985d58473285dc4b20d597d1c1782d6f83284f95bc4ead5c5053
SSDEEP

3072:zgYsck42QU6Ob58c3cK7WY1YLsiL8XO9XCSCpPtrJR+OCqJ9H7S:7g8ScQPWLsiL8+tCLp52OL9H7

Score

10^/10

rat ny18 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ny18

Decoy

flagencys.com

getlikevip.com

ifydigitaldeveloper.africa

artificialturfminneapolis.com

eastereats.com

casinclab.com

az1.life

baishengyx.net

bellpacnw.com

donskye.africa

chatfreegames.com

dizimaglico.com

southgatewoodwork.co.uk

jorgelrocha.com

americaspatriotfactory.com

remco.boo

hvtourismalliance.com

estanciasantaedwirgem.com

agriturismolebaccane.com

bosecmedical.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

7d0802716538acdbba606f1691225b66910af4603aaa096f3a84776c1e5b40d7.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB