formbook | 2f4f94bfed428eddafff6e978a8042cd7519e4708ef6a3aaa6eb4b7f79e3c453

General

Target

2f4f94bfed428eddafff6e978a8042cd7519e4708ef6a3aaa6eb4b7f79e3c453
Size

138KB
MD5

6763d7f1ffdb954de4658b7b5b17734a
SHA1

ff6edb2540c5e79c1050a1da9c47fda433103ce9
SHA256

5e0387776ffa5c34f5795bf948491fc17dd7bcb12968aa2e7adf261618b6b898
SHA512

2b948e4347e94f07dc72e662e9631c351473cbf8fed2ac6ea9b1e2c9e35bb6eea3473151074e22494ce21969880ece29540d9406f2bfc61b14166e4bd6f87a25
SSDEEP

3072:xXEK2pbAzctO/jfuFSuKDoxE+WcZa1+up/o6x0rqb7f0u+Ij:xXEKuO/SFvKDoxRWsa1+8rxu4b4Ij

Score

10^/10

rat 4hc5 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

4hc5

Decoy

amandaastburyillustration.com

7141999.com

showshoe.info

sagemarlin.com

lithuaniandreamtime.com

therenixgroupllc.com

avalialooks.shop

vurporn.com

lemmy.systems

2816goldfinch.com

pacersun.com

checktrace.com

loadtransfer.site

matsuri-jujutsukaisen.com

iontrapper.science

5108010.com

beidixi.com

21305599.com

peakvitality.fitness

osisfeelingfee.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/2f4f94bfed428eddafff6e978a8042cd7519e4708ef6a3aaa6eb4b7f79e3c453	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2f4f94bfed428eddafff6e978a8042cd7519e4708ef6a3aaa6eb4b7f79e3c453

Files

2f4f94bfed428eddafff6e978a8042cd7519e4708ef6a3aaa6eb4b7f79e3c453
.zip
2f4f94bfed428eddafff6e978a8042cd7519e4708ef6a3aaa6eb4b7f79e3c453
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB