formbook | a878da679dd33864598de4a12fa4cf849600908d[.]exe

General

Target

a878da679dd33864598de4a12fa4cf849600908d.exe
Size

184KB
MD5

5ca986fded4779f536b671ffc6db7cae
SHA1

a878da679dd33864598de4a12fa4cf849600908d
SHA256

5377ce1a84aaf4e28174febe6e9abcfcdb201a83c987e144bdf392be825d9dac
SHA512

1207db1728013ebfd62498ac99036279c508d31495dd0d3f72c7f7c767e5f32d1abe76e09d3b5d5b8de9e6a8e36d098d3369a899e4e5888f618e56cb6fff3e5b
SSDEEP

3072:Q3y/k4wyW9daBef3UnbYaHLNEijb5lcKWVR/c+G2osEWcsiyKe2V0As6uS:AvfUbYarNxbfcKya+vo9TsRKetPbS

Score

10^/10

rat gg04 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg04

Decoy

clothandsoulfabricllc.com

kx1336.com

4638.global

fixlaunchcredtunionmemb.online

indivexport.com

betuluzun.online

colossusboutique.com

hgcst.com

authorizer.online

hong-travel.com

globalwealthstrategiesco.com

fobberq.com

tribally.net

cook-a.com

todipjane.africa

membershipexams.africa

3dseal.online

abris-spb.ru

mkkkkk.net

chargecentral.store

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a878da679dd33864598de4a12fa4cf849600908d.exe

Files

a878da679dd33864598de4a12fa4cf849600908d.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB