formbook | 67b87da1909756333e3e5890b14e482ceeee7719a839f42d015f0eba46a9e62c

General

Target

67b87da1909756333e3e5890b14e482ceeee7719a839f42d015f0eba46a9e62c
Size

185KB
MD5

81f4c6a74ef7a36d03c8b2fc09eb83d3
SHA1

8aee580faf7818f694cd99e56afe592e57c10cf0
SHA256

67b87da1909756333e3e5890b14e482ceeee7719a839f42d015f0eba46a9e62c
SHA512

c7a95daad02eefd731681a683cc7439f2cc4278e516a89298b3ed01b5c98056e2d7dd99b2f59a22c609c29a462270100208db098e5fe056c9bf5c3329c701592
SSDEEP

3072:28Sqk1l7otai350jESBralHjL9zt9c8xWfmbH17JRBTfh8:cLU5uTBralHj5xVU+B7JRt

Score

10^/10

rat al5s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

al5s

Decoy

eranio.cloud

noldew.click

truckervdcaps.com

distance-learning-72692.bond

projectjoy40.com

mingcandle.com

rvasuntosregulatorios.com

ticktockdecor.com

878086.vip

novardeon.com

denisonalgebra.online

flybuys-rewards-link.com

blood-sugar-level-58483.bond

spitzpr-gz.info

korspg.com

mayeleadvisory.online

loveindraw.com

concretopremezcladomerida.com

graphiyat.com

feiradolivroevangelica.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67b87da1909756333e3e5890b14e482ceeee7719a839f42d015f0eba46a9e62c

Files

67b87da1909756333e3e5890b14e482ceeee7719a839f42d015f0eba46a9e62c
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB