formbook | 3481e03e601740b1e2c8643db90e35541dd2c76c24806ddcc47c5b1c7ea60e2d[.]exe

General

Target

3481e03e601740b1e2c8643db90e35541dd2c76c24806ddcc47c5b1c7ea60e2d.exe
Size

182KB
MD5

93a0b886c7da35e875f40f67ce8681a3
SHA1

4eaa61f0121db85f1dbf0b89e18915a72dedbc88
SHA256

3481e03e601740b1e2c8643db90e35541dd2c76c24806ddcc47c5b1c7ea60e2d
SHA512

bf08e0126481944737e28e00af68df32e9a0f4077a1796a7b84d09cfacb376d12cffaa550cbf7483eee08f23d581a04f3dd20e7af5ff66e0feedd799f98fdba9
SSDEEP

3072:k8QnUQwBFKRujtBxb7ZMcR0j2Mg8GYFsh9h2mQlufoRR84gHy0QtHnqkQ:QNFuHl7ZMcujzK9CufoRVgS0SHc

Score

10^/10

rat cs19 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cs19

Decoy

asafkozmetik.com

hitcentersinc.com

healthcurezone.africa

umzontsundu.africa

llklkj456.online

simplyfetchingweddings.com

agile-workforce.com

efefcapricious.buzz

natalyrunner.ru

alain-jp.com

uhdtubesex.net

amerika-express.com

evolutionunited.com

digi-eye.app

10086o.xyz

airinsystem.com

fullbasketballacademy.com

kronoendustri.com

kujzap.cfd

ankleswelling.site

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

3481e03e601740b1e2c8643db90e35541dd2c76c24806ddcc47c5b1c7ea60e2d.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB