formbook | 18d95e393b2652322eb606657afc06c1293aaa73235813751f6c6e66d97601e9

General

Target

18d95e393b2652322eb606657afc06c1293aaa73235813751f6c6e66d97601e9
Size

138KB
MD5

998f9b51ed99011d29bf78c664f1176f
SHA1

54a604b2605c340967358cab16779326c421a4c5
SHA256

18d95e393b2652322eb606657afc06c1293aaa73235813751f6c6e66d97601e9
SHA512

6a7719a0ea3c843d3a6c6bc087fd8e2d34a036ac5ec58d4991c3283d8397c24e5dfcf4e7c42340a6a942dd6372c888490e008eeb2236940a11537f3a96a36142
SSDEEP

3072:VKO5lQoPT2pMg/yBv1BkHjy8Bon/vb42kt1ZmNmGrjS1s3BFTjE:QzY2Sfv1SDlOD42kfZWljjBFTQ

Score

10^/10

rat ki21 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ki21

Decoy

nikonz9.com

piazzadelcondominio.cloud

stylistandcojewelry.com

watchingmovie79.store

dontpanic.solutions

cy888.xyz

pediatricdentalassoc.com

mg2selot7.us

gotireja.com

valdez.cloud

burgoontowing.top

void89.site

yoicok.online

rjinfo.xyz

omgwin7.online

pineislandhouseforsale.com

squidgamehalf.com

cpphgroup.com

kitahoki.pro

greenfieldnetworkinvest.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/87698c1e19d65ae8f35f18b98690093601458944fe6317009f884c4e3b2a4842.exe	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/87698c1e19d65ae8f35f18b98690093601458944fe6317009f884c4e3b2a4842.exe

Files

18d95e393b2652322eb606657afc06c1293aaa73235813751f6c6e66d97601e9
.zip

Password: infected
87698c1e19d65ae8f35f18b98690093601458944fe6317009f884c4e3b2a4842.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB