formbook | 4041c56677d1cb00888fd21ba80683f0[.]exe

General

Target

4041c56677d1cb00888fd21ba80683f0.exe
Size

185KB
MD5

4041c56677d1cb00888fd21ba80683f0
SHA1

2527c1e306c2d0338580e709304180c69d7a4040
SHA256

2f4f94bfed428eddafff6e978a8042cd7519e4708ef6a3aaa6eb4b7f79e3c453
SHA512

dde29ede15c58a3c003e211e5ed4e5d1e54e77bf0fc14c3507e31b13644d907736806816876ee2aacb284c0f727f676e2a4a2afdfb0e81f616b91b09c4116d4d
SSDEEP

3072:MhiQaFrSCnW6KU7FQI01V+73eb1cfKTuOLmIWp/aIw2tcXb1o2mfWY:mVCn3BA1VU3e4KTuOLmMW4i2mf/

Score

10^/10

rat 4hc5 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

4hc5

Decoy

amandaastburyillustration.com

7141999.com

showshoe.info

sagemarlin.com

lithuaniandreamtime.com

therenixgroupllc.com

avalialooks.shop

vurporn.com

lemmy.systems

2816goldfinch.com

pacersun.com

checktrace.com

loadtransfer.site

matsuri-jujutsukaisen.com

iontrapper.science

5108010.com

beidixi.com

21305599.com

peakvitality.fitness

osisfeelingfee.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4041c56677d1cb00888fd21ba80683f0.exe

Files

4041c56677d1cb00888fd21ba80683f0.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB