formbook | ee7a1db972af7fc938f3c91ab454d61c

General

Target

ee7a1db972af7fc938f3c91ab454d61c
Size

289KB
MD5

ee7a1db972af7fc938f3c91ab454d61c
SHA1

b25cf883565f472467048f41e83a9843deadb078
SHA256

d073188434532a4a8d881405bcbb0252ef62091748a9993221e779ab55b3cb53
SHA512

6264cde67311b8fc4030ad3489610f83c5abb50df62abb4e703fa559f4d4a81af3b2d75337a0b66b19121796d697888dba36c55c793f6b33d5c45b44725bd79e
SSDEEP

6144:RTWuBdh/Y6+owzRFgkEORsTBt2Kq7+v4Py/m+PUN0+q3MoExBOxKHHfO:ZWuBdhsDwkEOM6KqaAknPUN0+q3MoEx1

Score

10^/10

rat hx214 formbook

Malware Config

Extracted

Family

formbook

Version

3.8

Campaign

hx214

Decoy

jabrunei.com

flamingoflyer.com

orieco-degaulle.com

28staging.com

fenghuangvip8.com

lose4inches.com

medalfactory.net

loanequityware.com

swiftsystemaccount.com

phinsgifts.com

achufo.com

menuiserieboisservice.com

potatv.info

internetmarketingreseller.net

porncruel.com

theoriginalcondom.net

systema-movement.com

thegreatgameofeducation.com

bayanlaricinplaj.com

blissologiebeauty.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee7a1db972af7fc938f3c91ab454d61c

Files

ee7a1db972af7fc938f3c91ab454d61c
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 287KB - Virtual size: 286KB

.rsrc Size: 1024B - Virtual size: 664B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 287KB - Virtual size: 286KB

.rsrc
Size: 1024B - Virtual size: 664B

.reloc
Size: 512B - Virtual size: 12B