formbook | 19b86526b9c8b33ee230bba95c8a02fc47db4d230933c3ebcb6888e0dd344f77[.]exe

General

Target

19b86526b9c8b33ee230bba95c8a02fc47db4d230933c3ebcb6888e0dd344f77.exe
Size

181KB
MD5

1376809079736c0330fa4cf05a04b6a2
SHA1

4948d19ef34ca4431be69b46d92963083f993c98
SHA256

19b86526b9c8b33ee230bba95c8a02fc47db4d230933c3ebcb6888e0dd344f77
SHA512

0736c24447bf2c453c2cc11a5b0a1396137e694a48001ba35f7152462497ff1ee193825aaf959917a67e260ada3c40bca3fdae1df50b65bcc153afe1e37e7a7e
SSDEEP

3072:HxEUkOmDbSNE3OIF1KLaA6i/hnlrQ7Rj4+aYS7JSWoE:ZfqO81KaA6ipRaXh

Score

10^/10

rat kh11 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kh11

Decoy

theluckypaddle.net

assurelinkenterprises.com

gazpachogroup.com

worxservicesllc.com

bestecankurban.com

cotebrief.com

899173.com

navist.io

metaverseharem.com

genpower-plus.com

drhandgrip.com

jessicachristina.com

eidura.com

cat2000andhope1izfanfiction.com

nywaiverlatam.com

cdlb9twt.shop

j2mjewerly.com

itsmisshodges.com

timeis.shop

santefe4g.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19b86526b9c8b33ee230bba95c8a02fc47db4d230933c3ebcb6888e0dd344f77.exe

Files

19b86526b9c8b33ee230bba95c8a02fc47db4d230933c3ebcb6888e0dd344f77.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB