formbook | 74767ea7dd7c4fc21cf131e0160ed270N[.]exe

General

Target

74767ea7dd7c4fc21cf131e0160ed270N.exe
Size

188KB
MD5

74767ea7dd7c4fc21cf131e0160ed270
SHA1

892725995e452f28cdfe7f2778da76244d62c8bb
SHA256

8489bd56a9600404fd96c0a11290af3a56f5a3cdd77274446d41d678248b4d44
SHA512

6e7a27ae6b95ac1922e2336ed63064813380d7d86fb8cea4a075f22e86d87a0b1642f2f3e8b02ba3f99e5625afeaf0660e7f0bc29b2ca23cb0dc599472ee1f5a
SSDEEP

3072:9XqcEZpJXbWbBA+xfdpKKa3s9UcqmtaMqE7bNxop0yRJAnfH8d:umyufdla3s9Uhe7Xo6yR6fc

Score

10^/10

rat de94 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de94

Decoy

gx899.top

whoistommy.info

vabex.shop

vduwum.rest

betbox2351.com

ch3kat0.online

kaduexpress.com

sibonline.shop

bt365918.com

betterlabs.app

denversandandgravel.net

webzlp.xyz

tdodtn263q.xyz

zamaninvest.com

vcxwpo.xyz

myastrolyfe.com

lsm8v87jnkrqcnr.buzz

ilregnodellecozze.com

auroraskynholistics.com

sewassist.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74767ea7dd7c4fc21cf131e0160ed270N.exe

Files

74767ea7dd7c4fc21cf131e0160ed270N.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB