formbook | 2a1a01f7dbce9cae3601bcf859fd7984cfa761783f929448e59a90dd56f43fa9[.]exe

General

Target

2a1a01f7dbce9cae3601bcf859fd7984cfa761783f929448e59a90dd56f43fa9.exe
Size

181KB
MD5

9d1251b033cbcb38b0f7af9fd0ed9492
SHA1

0f85acb14033ffc19f4e66aa635624b618c37bcb
SHA256

2a1a01f7dbce9cae3601bcf859fd7984cfa761783f929448e59a90dd56f43fa9
SHA512

fe6f49fc3ff69a2ef604295a8d06ca496cf3bf98666d665d42b1398fe8208e3a9cb9d4747aba525167483c3637f8afdfcb3704360e11cf183faf299fb17304aa
SSDEEP

3072:57zDwkP4+vmiRS3AEMXJRSrG/gvPH3G0fo9KrURw+27RCtHEXwz:1+kEABZ4rG/gv/3G0A984wb7QtHEgz

Score

10^/10

rat de08 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de08

Decoy

inspirajapan.com

labeldao.com

31jane.com

padraigsconstruction.com

greatgreenturf.com

braseltontabernacleofpraise.com

aladesignservices.com

ascenciorealestate.com

ropainfantilnenitos.com

kuvu48bgm0.top

htpland.com

just1ce.co.uk

capitalwatch.africa

hoby.app

kikachoodesign.com

iyerbrothers.com

importacioneskc.shop

hanhengedu.com

g3cybergroup.com

foundsmartwealth.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

2a1a01f7dbce9cae3601bcf859fd7984cfa761783f929448e59a90dd56f43fa9.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB