formbook | f8c8c48d492e8e964621900ed59d849c7567c3f14d37410972448e09ab4273fb

General

Target

f8c8c48d492e8e964621900ed59d849c7567c3f14d37410972448e09ab4273fb
Size

181KB
MD5

349db6ce947c7befeb9070b3a9424fd5
SHA1

e98f059ce70a6f452f3e1b24b599aa2e69a729c7
SHA256

f8c8c48d492e8e964621900ed59d849c7567c3f14d37410972448e09ab4273fb
SHA512

c0a5ee63b4220c52cdd0c36c9b8bda58debf5a546392d598f4a112f863f7b46943c75f4a8455294e6a392fbf87d2ee209e1ee47323f852a17fddd978d0fe97fa
SSDEEP

3072:AWfqxEcElcY/7Bc3Uh5ztebFk2e7yM78m5LvPvn2X/dXLuFUF1kY/B0:5WExlSUrcbFk2e78sjP+XlX51kqB

Score

10^/10

rat fs83 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs83

Decoy

blastol.space

tomwalkerisfalco.com

us-sumatrraslimbellytonic.com

drywallandpaintingservice.com

vntapp.net

passportpages.site

at-mim.com

yeondagoods.com

teomanyildirim.com

paygame.site

senze.art

alhandco.com

9831bsej.xyz

traumatic.xyz

sos-soutien.com

thetechnolgy.live

washing-machine-46612.bond

marvsneakers.com

shequbaike.net

xc4f35fg4h35fg4h53.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8c8c48d492e8e964621900ed59d849c7567c3f14d37410972448e09ab4273fb

Files

f8c8c48d492e8e964621900ed59d849c7567c3f14d37410972448e09ab4273fb
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB