formbook | ad896a8982941cd8a7b4f237f775e712dc1a05cfb2d80601d45f4cc73475ecc0[.]exe

General

Target

ad896a8982941cd8a7b4f237f775e712dc1a05cfb2d80601d45f4cc73475ecc0.exe
Size

181KB
MD5

ca212d9f062a189528f1204eca8cce94
SHA1

f3bf213d6ba75390025f6534a539532fcccf4696
SHA256

ad896a8982941cd8a7b4f237f775e712dc1a05cfb2d80601d45f4cc73475ecc0
SHA512

49722de9ae3c105bf1bfec52b3983af74c721f37d9745717a6704c9bac5ae4b65714ba34273ae2b21d917691d605fff1600c21c62fbab75384504d3ff16b02df
SSDEEP

3072:PPlfxikQCGvR5XR3If1+WN6W5qLiHYgq/V9lOK1OEHKTAVeZsKGOSUh:0CENIthN6W5qe4Xd9NOgKxqJOSi

Score

10^/10

rat ns03 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ns03

Decoy

dipity.tech

agathis.fun

ekaterinai.store

elizabethsbookshelf.com

smilesustainably.com

tapeworm.xyz

beatricesswarthout.xyz

nsrpackersandpackers.in

yedxec.xyz

gildedbeautyaesthitics.com

hanibalbechar.com

fichaphuman.net

adilosk.shop

geezaran.com

ventasemail.com

phonecasesdirect.store

rctjuc.shop

sukimossmanagement.com

caller-id.today

kft07.vip

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
ad896a8982941cd8a7b4f237f775e712dc1a05cfb2d80601d45f4cc73475ecc0.exe

Files

ad896a8982941cd8a7b4f237f775e712dc1a05cfb2d80601d45f4cc73475ecc0.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB