formbook | 1ca7cea9b070c01b4a5e6f72f2fe9f975f56b00131329357b9b14da69ff5ab48[.]exe

General

Target

1ca7cea9b070c01b4a5e6f72f2fe9f975f56b00131329357b9b14da69ff5ab48.exe
Size

181KB
MD5

9ccac33dd67e893f981309740ac5be95
SHA1

807eac323f0cb5c97498d6e297f60d1c31cd4603
SHA256

1ca7cea9b070c01b4a5e6f72f2fe9f975f56b00131329357b9b14da69ff5ab48
SHA512

080ecfb652454faaf748afd4a50788a6559599160092b9fdcce4df124e57286cae34a1ae56b7d5095628bfcdffd49220ab7306304522339701e1274187c9c40a
SSDEEP

3072:WZQVBxEMfaGNQ+O73huKiZkJm0UqdNsiwxaV2aDiFk+1Kgx/Je5CGvIs20cUPUjz:W+9QPThh14qbsiGNLtT2CGvCUPKz

Score

10^/10

rat pz08 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pz08

Decoy

deespresence.com

fanyablack.com

papermoonnursery.com

sunriseclohting.store

jenstandsforarkansas.com

lkhtalentconsulting.com

baerana.com

hyperphit.com

davidianbrant.com

itkagear.com

web-findmy.site

liveforwardventures.com

skyenglearn.online

studio-sticky.store

yassa-hany.online

tacoshack479.com

bigtexture.xyz

erxkula.shop

go-bloggers.com

qwdlwys.site

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ca7cea9b070c01b4a5e6f72f2fe9f975f56b00131329357b9b14da69ff5ab48.exe

Files

1ca7cea9b070c01b4a5e6f72f2fe9f975f56b00131329357b9b14da69ff5ab48.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB