formbook | tmp

General

Target

tmp
Size

185KB
MD5

d36b9ed936c51fc667d67cb5fa419a94
SHA1

8e9152e8c90f09b4a86ba4513d8101a4cc9a2aaf
SHA256

74af268a3cc5fe46f85426eb5896ecd93384185bbd2df9274363166308921460
SHA512

36660826dbcb1f291eb9a1b804856a4f01a387fb18388392f36b55043afab2e38a2a061823088fa244aaa955102ee18b5732d478434e42b7471c9c13870ed036
SSDEEP

3072:XrNO0kCgRx0pGY3RdK52rOlwFhhVD+joLtVzLP6WFB2v:NgVWRA4rOlwFh5r+2B2v

Score

10^/10

rat b21s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b21s

Decoy

cannabisvscannabis.com

family-doctor-79417.com

dec-72.icu

champion-tips.com

hal-housing-and-lifestyle.com

rubinvest.fun

martinkeyword.top

rise-site.xyz

mystrapples.com

refpaxwrsjmf.top

ferrusracing.store

shopkalb.com

zhangnational.site

jameswillms.com

g42ba339r.shop

ivbeenreset.com

classiccollection.store

anysprays.com

piushelp.com

aternoschain.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tmp

Files

tmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB