formbook | 87698c1e19d65ae8f35f18b98690093601458944fe6317009f884c4e3b2a4842[.]exe

General

Target

87698c1e19d65ae8f35f18b98690093601458944fe6317009f884c4e3b2a4842.exe
Size

181KB
MD5

b716123faa847a82b25a61bbe38dda7c
SHA1

b44161fa0dc87563213ce547b3cc5c1e22b5c2d1
SHA256

87698c1e19d65ae8f35f18b98690093601458944fe6317009f884c4e3b2a4842
SHA512

d265d6a9b6001692b752b6834145430421b7487aebbde985b0b140dd75fcf89795fcaa5d4b192f0038c490a87029a51ef6c69533874aa3341ccf8090d16d268d
SSDEEP

3072:uyywkMnWhzmc3GX6qiqj9llXQ9hEzyhMObKXKbfNdIjzpPZOj49swN:FXSGq/qj9llXQ9N2ObxbfNd0zpPZOj4R

Score

10^/10

rat ki21 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ki21

Decoy

nikonz9.com

piazzadelcondominio.cloud

stylistandcojewelry.com

watchingmovie79.store

dontpanic.solutions

cy888.xyz

pediatricdentalassoc.com

mg2selot7.us

gotireja.com

valdez.cloud

burgoontowing.top

void89.site

yoicok.online

rjinfo.xyz

omgwin7.online

pineislandhouseforsale.com

squidgamehalf.com

cpphgroup.com

kitahoki.pro

greenfieldnetworkinvest.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87698c1e19d65ae8f35f18b98690093601458944fe6317009f884c4e3b2a4842.exe

Files

87698c1e19d65ae8f35f18b98690093601458944fe6317009f884c4e3b2a4842.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB