formbook | b818f5a62ced3a731fa73968051a1017aee199a324fe740c7bb14c488d1a670f[.]exe

General

Target

b818f5a62ced3a731fa73968051a1017aee199a324fe740c7bb14c488d1a670f.exe
Size

181KB
MD5

aae17f9e16015fe70397d96189599006
SHA1

9b16e267c8be7c03e399032ae0dcb1c9ad34d18b
SHA256

b818f5a62ced3a731fa73968051a1017aee199a324fe740c7bb14c488d1a670f
SHA512

8ca6033fce7d98c7eee9eb21ee4bfbdc2922a4b9d089c720b5fce97a34ff65c0677f5e5ef7f6eaea83822be1d4c128f1fddf9e25899e37b6c446908e6d8bdee2
SSDEEP

3072:hahPEsB0bsbmL3Yl94meKhyZ9mYppThI9Byh6pq+ampXeSARZ+GE:ha2jYj4LKhyZ9vpThlh6BaM7

Score

10^/10

rat b04s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b04s

Decoy

kx2655.com

levelonemgmt.com

212homeimprovementcompany.com

gacorasd.store

elevateintellect.com

flsolarpower.com

handsacrossthewater.org.uk

alamut-am.com

1c789.ru

improof-constructions.com

frenchgamesmap.com

compareinsure.co.uk

dentamedusasalesmiami.com

divinespage.com

inkwellfinance.com

campagnesmsmarketing.com

foryou.clinic

ecolocolo.com

dfjdiuhs.com

caporalessansimon.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

b818f5a62ced3a731fa73968051a1017aee199a324fe740c7bb14c488d1a670f.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB