General

  • Target

    2-FormBook.1-8342c29aacd500b5d424822648331736379f18bdb6bc27a7e7a579544570fa8a.zip

  • Size

    45.9MB

  • MD5

    0d1ba69683563d6937335a7059e0befd

  • SHA1

    c25ab4a743202ad8f80f8c3b048dafec08f17c62

  • SHA256

    8a14ac66303e93b5d62beb8517508b2416f01fc9414dd046db0d2fa616b9b2e7

  • SHA512

    4a6a44324c490c8906f7883d7a8c91a3df06bde643234337ff2ba9ac9b1c3ecc0857a8d848030d94829da3eb6d39f8d52424eb841b80b1d993a2b66f059f7ccf

  • SSDEEP

    786432:vvsNdiwn29GzLEVlNAm+wRMqmx0oAzPS9RsaIBKN/M6dYsoCi1PlWW:vvsNXjHEVlNAMRMqi0oK69n31dHolBL

Score
10/10

Malware Config

Signatures

  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Dcrat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2-FormBook.1-8342c29aacd500b5d424822648331736379f18bdb6bc27a7e7a579544570fa8a.zip
    .zip

    Password: infected

  • 8342c29aacd500b5d424822648331736379f18bdb6bc27a7e7a579544570fa8a.exe
    .exe windows:4 windows x86 arch:x86

