formbook | d0b94b855d2f24add1edf6b3a6ecae24e4366f181a1ccd0bcd3b27e94de95bc0[.]exe

General

Target

d0b94b855d2f24add1edf6b3a6ecae24e4366f181a1ccd0bcd3b27e94de95bc0.exe
Size

181KB
MD5

728b83244a275ef0e29cb00aa0c6692c
SHA1

8f744b5564e78ab054bc685bd12483c1ffd9de4d
SHA256

d0b94b855d2f24add1edf6b3a6ecae24e4366f181a1ccd0bcd3b27e94de95bc0
SHA512

dfee5c83bd2973362875bee76c688b81f191927a0e21eb104791577d79de110ea9912b4c35e65a46808309c02c1be6c1c181699491edcd19517901d53d0c4da5
SSDEEP

3072:CtzMC+k7U9fY/0/13Uay9AGYKolYE6upZ44YW5Q/T74PMu57c:o4HZU96RKolYLKm4oYPJ

Score

10^/10

rat vr01 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vr01

Decoy

eclipsefoodservice.com

oregonjobs.co

ethicai.pro

frontierconnects.co

elcaporalburley.com

exoticskinco.com

topdeals.biz

carmensbookstore.com

mayorii.com

viewhird.com

bharatcrimecontrol24news.com

sampleshubusa.com

molobeverello.com

nicholsonflooringservices.com

kidscircle.shop

771010.cc

poseidoncrm.com

liviafiorelli.com

flavorfog.online

xaqh.info

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0b94b855d2f24add1edf6b3a6ecae24e4366f181a1ccd0bcd3b27e94de95bc0.exe

Files

d0b94b855d2f24add1edf6b3a6ecae24e4366f181a1ccd0bcd3b27e94de95bc0.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB