formbook | ddff78904d78b6eca747dd889e3ce886fcb80ff4ede2e545d3479413575519b2

General

Target

ddff78904d78b6eca747dd889e3ce886fcb80ff4ede2e545d3479413575519b2
Size

185KB
MD5

07807ccf0830bae849253f8bc2ed62fe
SHA1

47dbb4f91b1ff488830d4fc762ab65a6c928050d
SHA256

ddff78904d78b6eca747dd889e3ce886fcb80ff4ede2e545d3479413575519b2
SHA512

6acdee054ff386ed35ce5ee83725866deac0e7b8ec2d400b00c37c717832cf8c26f56603ef1c6c0e117ce70aaefb655c02ee926a568db335e5dff1971dc466fd
SSDEEP

3072:JEHxMFxehbUGWpVxlR+crESRaVK0Y77E/G+6LTXdUZSCJ:+UpVztrESRaVi77wyjcS

Score

10^/10

rat n7ak formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

Decoy

wise-transfer.info

jam-nins.com

thebestsocialcrm.com

majomeow222.com

ancientshadowguilt.space

gentleman-china.com

parquemermoz.store

taxuw.com

sharqiyapaints.com

libraryofkath.com

1949wan.com

synqr.net

bitchessgirls.com

btonu.cfd

coding-bootcamps-16314.com

leadership22-tdh.site

maximsboutique.com

irishsummertruffles.com

sdnaqianchuan.com

uyews.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddff78904d78b6eca747dd889e3ce886fcb80ff4ede2e545d3479413575519b2

Files

ddff78904d78b6eca747dd889e3ce886fcb80ff4ede2e545d3479413575519b2
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB