formbook | 4bc94463128cf70668fd065145a32e224079cea070e389b048ea28846de6f0c8[.]exe

General

Target

4bc94463128cf70668fd065145a32e224079cea070e389b048ea28846de6f0c8.exe
Size

181KB
MD5

a25c756fd3e1b3c614eb2b53da9cda3e
SHA1

8c6dd4a4a4973d2ff6f521d2bd0afef744a5b2f0
SHA256

4bc94463128cf70668fd065145a32e224079cea070e389b048ea28846de6f0c8
SHA512

68f2653efe8027d8c359d29c5756efb300d2e68db091538992d3db9698d651386718f5223da246a56a38bbde9f8dc7e0c3222c26473822928b4ff5813158ef35
SSDEEP

3072:ofoithEv97vYYzW3F2z0Roqfa4+/CnU0BrDv1FpWUP6k+tMRR6:ki9AFUWa4+/CnU0rL1ZP6k++T

Score

10^/10

rat sz94 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sz94

Decoy

fetch-a-estudia-y-trabaja.info

cryptifynet.com

investyourinfluence.com

mexbop.xyz

countoncrop.com

feeltohealsomaticwellness.com

3654568.com

easyorderstoday.com

manchestertoday.org.uk

healthcentricaisolutions.com

thegeekwarehouse.co.uk

9figureturf.com

keycaptivate.com

filmepornomobil.xyz

germanspage.com

movalz.co.uk

1wigun.top

clover4us.com

kfdist.com

thutoapp.africa

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

4bc94463128cf70668fd065145a32e224079cea070e389b048ea28846de6f0c8.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB