formbook | 596bc91b4c448109e6db24d3a60a2e33636246ab6515bf2fd5b6bfabf21736f4[.]exe

General

Target

596bc91b4c448109e6db24d3a60a2e33636246ab6515bf2fd5b6bfabf21736f4.exe
Size

181KB
MD5

84f039a5c8fba20f650ca7003eb3805a
SHA1

9bc0ca9e83b5e62475ed0ff239dacf80dbc1d515
SHA256

596bc91b4c448109e6db24d3a60a2e33636246ab6515bf2fd5b6bfabf21736f4
SHA512

dc89ee6651bc1364adbfc187106374d3fe8e6a1427dae4e7413a82cf8bcf6e24314cd3b45eee9cbc184663ba7fa1be0edfc10c8733ebaf47b6a11821800a10b5
SSDEEP

3072:wtzMC+k7U9fY/0/13Uay9AGYKolYE6uyZ44YW5Q/T74PMu57c:C4HZU96RKolYLRm4oYPJ

Score

10^/10

rat vr01 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr01

Decoy

eclipsefoodservice.com

oregonjobs.co

ethicai.pro

frontierconnects.co

elcaporalburley.com

exoticskinco.com

topdeals.biz

carmensbookstore.com

mayorii.com

viewhird.com

bharatcrimecontrol24news.com

sampleshubusa.com

molobeverello.com

nicholsonflooringservices.com

kidscircle.shop

771010.cc

poseidoncrm.com

liviafiorelli.com

flavorfog.online

xaqh.info

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
596bc91b4c448109e6db24d3a60a2e33636246ab6515bf2fd5b6bfabf21736f4.exe

Files

596bc91b4c448109e6db24d3a60a2e33636246ab6515bf2fd5b6bfabf21736f4.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB