formbook | db137d45302d270f6d692114436cc3990125d96421ed3cce4118cfa3d0a737c5[.]exe

General

Target

db137d45302d270f6d692114436cc3990125d96421ed3cce4118cfa3d0a737c5.exe
Size

181KB
MD5

bc11e2e74b06da7d268f90705cb65300
SHA1

21ec5da15a2d038ec57eb67657e33f1e98986290
SHA256

db137d45302d270f6d692114436cc3990125d96421ed3cce4118cfa3d0a737c5
SHA512

da66e85e035b36b71badaa70171c0d68358cd5e76eb57dca3397ddff75eef73e22c392827612a6c7265ebfe77dd154bf017cf0b805ae5660b57ba996871a84de
SSDEEP

3072:DxEUkOmDbSNE3OIF1KLaA6i/htlrQ7Rj4+aYS7JSWoE:lfqO81KaA6ipHaXh

Score

10^/10

rat kh11 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kh11

Decoy

theluckypaddle.net

assurelinkenterprises.com

gazpachogroup.com

worxservicesllc.com

bestecankurban.com

cotebrief.com

899173.com

navist.io

metaverseharem.com

genpower-plus.com

drhandgrip.com

jessicachristina.com

eidura.com

cat2000andhope1izfanfiction.com

nywaiverlatam.com

cdlb9twt.shop

j2mjewerly.com

itsmisshodges.com

timeis.shop

santefe4g.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db137d45302d270f6d692114436cc3990125d96421ed3cce4118cfa3d0a737c5.exe

Files

db137d45302d270f6d692114436cc3990125d96421ed3cce4118cfa3d0a737c5.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB