formbook | c90a5302afc1cb44b4157f1fbd69926c4c223a215d9bcc2be2975b95c1005760

General

Target

c90a5302afc1cb44b4157f1fbd69926c4c223a215d9bcc2be2975b95c1005760
Size

185KB
MD5

bd2bff2f52ab89e00a50ebf1dffb028b
SHA1

fe5845aa862cc2c5358e7687455b59e830883b7a
SHA256

c90a5302afc1cb44b4157f1fbd69926c4c223a215d9bcc2be2975b95c1005760
SHA512

12237b6389a8c1f473e6648ad781da79da1322e2f62f6c96ec575668af7c66bad2219699445995166d68691c5100561aab5036cea0b3fbcc63a7659e8760ebe1
SSDEEP

3072:ygPGkujgM9kZdK3uJJijaKPtMb8FDopeap02R6mV:kQdMu/6aKPtMb8dopef2R6k

Score

10^/10

rat dn03 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dn03

Decoy

almouranipainting.com

cataloguia.shop

zaparielectric.com

whcqsc.com

ioco.in

aduredmond.com

vavada611a.fun

humtivers.com

jewellerytml.com

mcapitalparticipacoes.com

inhlcq.shop

solanamall.xyz

moviepropgroup.com

thegenesis.ltd

cyberxdefend.com

skinbykoco.com

entermintlead.com

honestaireviews.com

wyclhj7gqfustzp.buzz

w937xb.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c90a5302afc1cb44b4157f1fbd69926c4c223a215d9bcc2be2975b95c1005760

Files

c90a5302afc1cb44b4157f1fbd69926c4c223a215d9bcc2be2975b95c1005760
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB