formbook | f2de7e1866310a43bf34f50a907b7ec8ff5c7b9ae4421c304e26aed008f30850[.]exe

General

Target

f2de7e1866310a43bf34f50a907b7ec8ff5c7b9ae4421c304e26aed008f30850.exe
Size

181KB
MD5

b418ded7352dfd447eae15fba6612d49
SHA1

060d193bcba96611a902ca6b0ebe712218a93065
SHA256

f2de7e1866310a43bf34f50a907b7ec8ff5c7b9ae4421c304e26aed008f30850
SHA512

224c8c14744c5b0411d3a5b4db8f7dfef51fb13305457c41c2ab4be184ac7b2f5a43b6acca9c627c2965912716c04366d38449e3eba50c70db6e5d90eccb8def
SSDEEP

3072:eedbiE474WyfW3aheN6c7ayMRIY71+/lx89WYpWxkYKv:hckAaYr77MRIYR+/lSTpQKv

Score

10^/10

rat wm23 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

wm23

Decoy

ntjhe.com

180yq.com

bcxlb.com

haefelinger.net

bkwbroadcasting.com

kastraestates.co.uk

ayasca.com

89spa.com

denizmobile-com-tr.net

5nrb3v.site

dewi.africa

darnacme.online

satovsky.rsvp

deluxhomefurnishings.com

igminitruckersolingen.com

celtictransportie.com

deltakrian.com

bassettsrestauranttogo.com

digitalcharts.xyz

glassbong.life

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2de7e1866310a43bf34f50a907b7ec8ff5c7b9ae4421c304e26aed008f30850.exe

Files

f2de7e1866310a43bf34f50a907b7ec8ff5c7b9ae4421c304e26aed008f30850.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB