formbook | 90730e24fccd4f3d0dedf7b7a4c279704028b7f5df897e980348205236d2c059

General

Target

90730e24fccd4f3d0dedf7b7a4c279704028b7f5df897e980348205236d2c059
Size

185KB
MD5

084646550310ef73d330f47f1726b884
SHA1

7f26a028a2910568ea7d891e7a22e1ca45d4e2b7
SHA256

90730e24fccd4f3d0dedf7b7a4c279704028b7f5df897e980348205236d2c059
SHA512

92a301772535fcdbcaedd3a4524d599137e9721d4eb09e0357b33d858e5df1c1b5897a3d0ffddda98eeeb387ac9900948edc334209e41e8027491ab7ff12e9ec
SSDEEP

3072:YsA4AbFrZp/uCxiK7thcFaFsfKEguca778igdxS8cffEn3SS97aI+n956VGWnT:WzptzfcFeCK/a778ioxS8cXEn3SS9D+W

Score

10^/10

rat qh1n formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

qh1n

Decoy

hyw0902destiny.xyz

mkquan.net

tisml8yn.top

norcliffecapital.com

dennemeyer-antipiracy.com

kastlosa.com

ghsdhzs.com

fdkeatlah.best

pvpvhhhvmk1z5r7.xyz

pumperwopingrld.com

traveloka.website

yunzhizhao.top

wtwvmemphis.com

aquaceen.com

flynovaa.info

qr-sens.events

yihetrading.com

miamipaintingcompany.com

kunikokaizu.shop

kapudianzi.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
90730e24fccd4f3d0dedf7b7a4c279704028b7f5df897e980348205236d2c059

Files

90730e24fccd4f3d0dedf7b7a4c279704028b7f5df897e980348205236d2c059
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB