formbook | 400000[.]ProductsInquiries#VN8399938[.]7z

General

Target

400000.ProductsInquiries#VN8399938.7z
Size

125KB
MD5

b57677f99d0474db259771ab2578a2fd
SHA1

b0681bc43d402a36a60b1d7892e1df791d96cbec
SHA256

74a73b1414e56d53efdc445214e2119926557afeb596dde6cc685cd95165a526
SHA512

4bc689071594d545de6a6f84b6cb339d6b770dcf64310387b425cfd4febdc9a916dde471e4246c313a76f9afddbd2883dbf1d575bb7e8a42402a9282d55824ff
SSDEEP

3072:7ePqeXt7YrR66x2AqCN2Z2O4j8+FuJTl5Qt2YOyXHVpiHIrIPyD:7XeXteRzx2nCN2Z6jU5QsjyyHIJD

Score

10^/10

rat fa27 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fa27

Decoy

allconseil.com

3-k.top

practical-prototyping.com

kipoxz.xyz

dental-implants-66586.bond

cyphernft.com

nicolemariani.com

suacuasattannoi.com

2023woaidianying8.com

ballerhaul.com

pintobeansnutrition.com

shelving-solution.com

reuralnenworknou.net

childrenscottageschool.com

tekkist.com

dogostrength.com

phoenixstudy.net

emoxos.top

8898892dh1.online

esounsoaps.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/400000.ProductsInquiries#VN8399938.exe	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/400000.ProductsInquiries#VN8399938.exe

Files

400000.ProductsInquiries#VN8399938.7z
.7z

Password: infected
400000.ProductsInquiries#VN8399938.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB