formbook | 49698b30764a0b6ded2f0164c32670a784fa294b656008bee2337a4600da406f[.]exe

General

Target

49698b30764a0b6ded2f0164c32670a784fa294b656008bee2337a4600da406f.exe
Size

181KB
MD5

3da3ed25f4629b85b9b3283458b184e4
SHA1

eb032228ac22e3cee4bc1f18e8277e50aa5c2ee1
SHA256

49698b30764a0b6ded2f0164c32670a784fa294b656008bee2337a4600da406f
SHA512

76ef13d5b28bc66e78e353e4d551133be2c165d2e4a612a8a0980a96e6eb148bd3bba10b5d0625151b504c9d97645973b1eee9107878b7880bae0d5e88a4c5e9
SSDEEP

3072:cwJFEh7A2hy+b13/R6r6Kj9uWcCeKIdo0Z56zGDX+SGj2g9v:Y7NZ/EeKj9uWmKId7nBX+z

Score

10^/10

rat re29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

re29

Decoy

barnstorm-music.com

gazzettadellapuglia.com

baratieistore.space

cdrjdkj.com

carlissablog.com

langlalang.com

2886365.com

aq993.cyou

jwjwjwjw.com

car-deals-80304.com

dikevolesas.info

buycialistablets.online

theplantgranny.net

detoxshopbr.store

imans.biz

fightingcock.co.uk

loveforfurbabies.com

eastcoastbeveragegroup.com

alaaeldinsoft.com

microshel.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

49698b30764a0b6ded2f0164c32670a784fa294b656008bee2337a4600da406f.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB