formbook | fb21cc57575d446faff8bcc00b2b0daad05a96f9c052a8e086882e5e498a436c[.]exe

General

Target

fb21cc57575d446faff8bcc00b2b0daad05a96f9c052a8e086882e5e498a436c.exe
Size

181KB
MD5

d49a550bec161f460c3146b8e97b1d69
SHA1

6da9e6c9648d3f5de49978c19cdf378783e8e69c
SHA256

fb21cc57575d446faff8bcc00b2b0daad05a96f9c052a8e086882e5e498a436c
SHA512

aa9a5de907cdbdbf5ce7e44d2a5e271cef1e5664f22960a1188d8f48d9d37c2c1acf8e6b1f0a2551b115198b39f29826e9fdfe1c0934933a8b2a3c65f7444575
SSDEEP

3072:IMuck0YCUzDPZ2JezlZP56s8O2CZX7kl6z2p8zA8wxQkxIz+jk:J+QUr56s8O2yO6zEzQkxrj

Score

10^/10

rat cz30 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cz30

Decoy

valeriepuma.com

rentyourbag.com

unglesbyessure.com

ahzmjy.site

taazdelights.online

conexoesnews.com

istprimeway.com

elwf4tlu.shop

661.support

fournaisehk.com

glechiu.xyz

2r2pv2.shop

902523.rip

bruggicapy.com

westmobileautodeatailers.online

muaad.co

gridxsens.com

victoronedesigns.com

tecexpressbr.com

crea4net.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb21cc57575d446faff8bcc00b2b0daad05a96f9c052a8e086882e5e498a436c.exe

Files

fb21cc57575d446faff8bcc00b2b0daad05a96f9c052a8e086882e5e498a436c.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB