formbook | f7decb942c4d2f001d2f810978463780697403597ed4f5102a19c27edd649ce3[.]exe

General

Target

f7decb942c4d2f001d2f810978463780697403597ed4f5102a19c27edd649ce3.exe
Size

181KB
MD5

517d168a3e886e3c0a8275881631eadd
SHA1

d16913a1f3b0a846c39a9838b92f2be5d5e0e739
SHA256

f7decb942c4d2f001d2f810978463780697403597ed4f5102a19c27edd649ce3
SHA512

f4939e900d2ccee82384c374a76b0d6d35bcc175aaaeb1451c2db1e7c64af9e42507ced81abae8b49a4bb86313fb0f29aee1b24c01b7a859420f3bf3ffcbc5f8
SSDEEP

3072:JxEUkOmDbSNE3OIF1KLaA6i/h/lrQ7Rj4+aYS7JSWoE:jfqO81KaA6ippaXh

Score

10^/10

rat kh11 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kh11

Decoy

theluckypaddle.net

assurelinkenterprises.com

gazpachogroup.com

worxservicesllc.com

bestecankurban.com

cotebrief.com

899173.com

navist.io

metaverseharem.com

genpower-plus.com

drhandgrip.com

jessicachristina.com

eidura.com

cat2000andhope1izfanfiction.com

nywaiverlatam.com

cdlb9twt.shop

j2mjewerly.com

itsmisshodges.com

timeis.shop

santefe4g.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7decb942c4d2f001d2f810978463780697403597ed4f5102a19c27edd649ce3.exe

Files

f7decb942c4d2f001d2f810978463780697403597ed4f5102a19c27edd649ce3.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB