formbook | 9dbffd73c849f7975aa3705947647650N[.]exe

General

Target

9dbffd73c849f7975aa3705947647650N.exe
Size

188KB
MD5

9dbffd73c849f7975aa3705947647650
SHA1

4a846b2f8b08344d7653023f6b8baeba9652d565
SHA256

75bee8dab2d9231919a0bbf420f70a5ea08cfde94fe69ca8fc03f4720ff95a22
SHA512

35dc1d2b3277d682c26512f1637668b50b40432610ca12f278f9d75d2da79c0ec052262d2248a849a00b65537a66f15b0a764bb17a8759bfde6784bf7dde5217
SSDEEP

3072:5ZFZzk/XkacJaIK332BnF8g2qFQJxuwccBAUfbDWC1Hetvcor:vNZM3SnF8RqFQJxdcEAAic

Score

10^/10

rat by21 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

by21

Decoy

digitalillusions.net

changeblue25.com

kitchenwoow.com

grupocontigoalimentacion.com

iranabr.com

embodiedmagic.com

superstoreszone.com

apartments-for-rent-46883.bond

kelbagnole.com

rideskratchlab.com

a06kng.club

saddlebredallstars.xyz

filepd.com

kxetdf.asia

dl39yy.com

jackedsearch.com

exodusprofessionaldetailing.com

ecommerce-40144.bond

uh3b94g3pyczi9t.skin

dcmcc635i.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9dbffd73c849f7975aa3705947647650N.exe

Files

9dbffd73c849f7975aa3705947647650N.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB