formbook | csbdnquus[.]exe | Triage

Sharing

General

Target

csbdnquus.exe
Size

760KB
MD5

c431847b601038a906219f4429c30bf4
SHA1

2e31eb56b0bc1c655c8d86347398276067f0b15e
SHA256

f51db63fe8be8e59e25e8363e5930309e9a9148925e583da18ea7e31bc9b0a96
SHA512

84c19678c4be4a48c6759a396d93783143972ae0616ab23e6a9bb453c7ecd3c50d7fe0d3e1293e7146023cb4fc2767cbe75bd72ca51d2bb831d5ecb1c9e0104a
SSDEEP

6144:/Bz+lXZtn35VWFiGP8XJD/HobegCAStpL+kmNw0Fq2ecTY668wC1:/sZt35Vy85jubwt5Ln0D3Y4wU

Score

10^/10

rat formbook

Malware Config

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
csbdnquus.exe

Files

csbdnquus.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 757KB - Virtual size: 757KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ