formbook | 23_ea592572d0ccaad80961e1836e0a9e762e36cd76a7f3d85bfaba66fa58d39c6b[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

23_ea592572d0ccaad80961e1836e0a9e762e36cd76a7f3d85bfaba66fa58d39c6b.zip
Size

762KB
MD5

d711dd155b9d5bd9a0eaadee64b34285
SHA1

e03096591b2b3b3f65f0c397861a733903b373ce
SHA256

3db4120f880b2c9210d8e0be2e81551a1b705da32af5afba5787d3aa6394eda3
SHA512

de513d72268b25691e9a945503f941ee4d3e164bb3b85d89a894daa2a2fed08bf645562cac29fbd0c13099671a58d0e285be3a95eb88ed4402400f7c22cc9683
SSDEEP

12288:6wHSnq1kZDWWZWKkX6D+wJY2wMiRGjQ/nXUvVujCdch7WU3J9VPhw4FpHDmXN0H1:XHS14Kdpw1DnXUNldq3ZWcFqCHwKBlY2

Score

10^/10

rat sl07 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sl07

Decoy

stryper.net

riseandvibetime.com

thebenmorley.com

kdfdq.com

pet4cus.com

agrosoft.farm

utopiagood.com

sanduskyspeedway.com

eldozz-quarter.top

weixuninvest.com

taxiboativano.net

odvip377.com

bubblegome.com

peakwealtharchitects.com

mondaytoyoulive.lat

huohullq.com

the-inferno-slots-casino.top

yy88abcd88yyy.xyz

azbenfica.com

hunectar.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/ea592572d0ccaad80961e1836e0a9e762e36cd76a7f3d85bfaba66fa58d39c6b	formbook

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack004/AWB_Ref#5903629911pdf.exe
unpack001/ea592572d0ccaad80961e1836e0a9e762e36cd76a7f3d85bfaba66fa58d39c6b

Files

23_ea592572d0ccaad80961e1836e0a9e762e36cd76a7f3d85bfaba66fa58d39c6b.zip
.zip

Password: infected
SE24C05143020.7z
.7z

Password: infected
Chloe Chen Report Suspicious M ail at 5 13 2024 8 55 08 AM.msg
.msg
- http://PPFPTEGW01-esg.macausjm-glp.com
- http://PVEXGAPP12.macausjm-glp.com
- http://PVEXGAPP21.macausjm-glp.com
- http://box.hnhavest.com
- http://dhl.com
- http://grandlisboa.com
- http://hnhavest.com
- http://mail.hnhavest.com
AWB_Ref#5903629911pdf.gz
.gz
AWB_Ref#5903629911pdf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AYCr.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 627KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dhllong.png
.png
dhlshort.jpeg
.jpg
ea592572d0ccaad80961e1836e0a9e762e36cd76a7f3d85bfaba66fa58d39c6b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 627KB - Virtual size: 627KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 627KB - Virtual size: 627KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 180KB - Virtual size: 180KB