formbook | 0b0a7da8003393d8a1aa30394f2564b04a2fd2f8423793d3a217dea6b777c5ce[.]exe

General

Target

0b0a7da8003393d8a1aa30394f2564b04a2fd2f8423793d3a217dea6b777c5ce.exe
Size

185KB
MD5

38654ce3ac91e6aa36279a5e7fb6c822
SHA1

123329aa86ec1925e96f55efbecdeb462efd9f11
SHA256

0b0a7da8003393d8a1aa30394f2564b04a2fd2f8423793d3a217dea6b777c5ce
SHA512

247a86ff6e528f94fc7703cb721f308af6fa2aa797de0b204f52ecdbb58900007dfc3a4da7ec5295bced49b83293f9616fa536ff8e763e7db96f84bbe93290b8
SSDEEP

3072:g28CDkmHf5GoA2G3gkHXVrEA4614EDDLHLE1RIf0oJ2yIRDsZNKSWr:giftwg2FrEX614EDDHOZoUySC2

Score

10^/10

rat dk07 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dk07

Decoy

reclam.xyz

parchmentmediaadd.com

gaolibai.site

menage-exclusif.com

ceremoniesbyjade.com

5663876.com

take3.xyz

environmentaladvocacygroup.com

fp38z.rest

elektro-vlasic.com

bollybytestv.com

udfunsd.cloud

studiomiraiarq.com

e-commercebrasil.shop

sansiddhiedu.com

draaronroughan.net

24angel.com

rjh-equestrian.com

22db3rgdg6a73pea7.vip

mintygreen-wellnessportal.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b0a7da8003393d8a1aa30394f2564b04a2fd2f8423793d3a217dea6b777c5ce.exe

Files

0b0a7da8003393d8a1aa30394f2564b04a2fd2f8423793d3a217dea6b777c5ce.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB