formbook | 6897ca7f3962315c76170bfefa5d57b98a9c1ae93a4264281c59460ff87b880e[.]exe

General

Target

6897ca7f3962315c76170bfefa5d57b98a9c1ae93a4264281c59460ff87b880e.exe
Size

182KB
MD5

908ad9609d795587a7da763e83069cc1
SHA1

5790d7b7181ec192ecbe35c515163c43fd3a50ff
SHA256

6897ca7f3962315c76170bfefa5d57b98a9c1ae93a4264281c59460ff87b880e
SHA512

db3337e4f764fb76d43251f86703acc64756a9377c5f33b294ae1063b33401bb7307f422bb1a39a1c6d663379848e81cfab2475e62e17e13b9fa1acc3dd89d4c
SSDEEP

3072:48QnUQwBFKRujtBxb7ZMcR0j2jg8GYFsh9h2mQlufoRR84gHy0QtHnqkQ:kNFuHl7ZMcujGK9CufoRVgS0SHc

Score

10^/10

rat cs19 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cs19

Decoy

asafkozmetik.com

hitcentersinc.com

healthcurezone.africa

umzontsundu.africa

llklkj456.online

simplyfetchingweddings.com

agile-workforce.com

efefcapricious.buzz

natalyrunner.ru

alain-jp.com

uhdtubesex.net

amerika-express.com

evolutionunited.com

digi-eye.app

10086o.xyz

airinsystem.com

fullbasketballacademy.com

kronoendustri.com

kujzap.cfd

ankleswelling.site

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

6897ca7f3962315c76170bfefa5d57b98a9c1ae93a4264281c59460ff87b880e.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB