formbook | f153dbff060014738d4acb9dd79afd626d82abc59202a6d1d6754fd7f343774d

General

Target

f153dbff060014738d4acb9dd79afd626d82abc59202a6d1d6754fd7f343774d
Size

181KB
MD5

c9edc417f5b0ed988993f3eaf75da667
SHA1

c5423a30a16ef336e90f61ed8e424b19d0ac5439
SHA256

f153dbff060014738d4acb9dd79afd626d82abc59202a6d1d6754fd7f343774d
SHA512

010daf019e8644171f5df8dc27c12a75fb3536582b241cb91bc01f32a075423b22396684c821e9024f46bf55f21d5cbf908fa373b50eccb6fdd6ee4c081f389c
SSDEEP

3072:LC7EFo1oFns3phSpEoqYOqbHjzGDHb+ZtbIvCJXrqs255JtVM:NPipspHqYOqbHjiD7iRI6pqsq5m

Score

10^/10

rat s17b formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s17b

Decoy

adriannavasquez.com

ticketstolisbon.com

hygrostar.com

dcairandheat.com

gamerviet.com

cjdao.net

informationdata65319.com

ethdefi.live

0241d.com

bestwoodtoy.com

bookingmello.com

hjd3c5.com

1eisdhiookd.xyz

urbanfarmingdynamics.africa

graphicsxperts.com

ebndeoo.store

chenzhenstorea.club

brain-life-imaging.info

containsmilk.com

ebaepay.click

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Files

f153dbff060014738d4acb9dd79afd626d82abc59202a6d1d6754fd7f343774d
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB