formbook | 0c0001dfab0dc6cf87fc05e6752207cb13627722317885249e8840d335906d1a[.]exe

General

Target

0c0001dfab0dc6cf87fc05e6752207cb13627722317885249e8840d335906d1a.exe
Size

181KB
MD5

e984634a2c7b62248bc29dc4e7735b47
SHA1

2e754c3aef53e352bd82085dad5223d4d549ef3c
SHA256

0c0001dfab0dc6cf87fc05e6752207cb13627722317885249e8840d335906d1a
SHA512

986f5f009b2faf657cd112e34d01b3386b2282460d24f1e47e77b48febb9395a434a42c3fc08d7a5196812d97810b41d42bca705e4bbdded9a897cf6dde5a09b
SSDEEP

3072:4xEUkOmDbSNE3OIF1KLaA6i/hLlrQ7Rj4+aYS7JSWoE:UfqO81KaA6iplaXh

Score

10^/10

rat kh11 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kh11

Decoy

theluckypaddle.net

assurelinkenterprises.com

gazpachogroup.com

worxservicesllc.com

bestecankurban.com

cotebrief.com

899173.com

navist.io

metaverseharem.com

genpower-plus.com

drhandgrip.com

jessicachristina.com

eidura.com

cat2000andhope1izfanfiction.com

nywaiverlatam.com

cdlb9twt.shop

j2mjewerly.com

itsmisshodges.com

timeis.shop

santefe4g.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c0001dfab0dc6cf87fc05e6752207cb13627722317885249e8840d335906d1a.exe

Files

0c0001dfab0dc6cf87fc05e6752207cb13627722317885249e8840d335906d1a.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB