formbook | 2[.]exe

General

Target

2.exe
Size

185KB
MD5

cb90c75f8cbbbcc3f74ee22288c800a1
SHA1

1c84ad88465e6eb1b91dfaf099bf2697e44ccc0d
SHA256

b3d45d85cba27f6900215868e9e6e9a97fb95648a42396305cd8bcb50c8e80d0
SHA512

22e8fd5f34e92ffb92e362efdc3866c9bfab68a5f6f463f64ae4f16876722dd4595e0cff34f970dd87140859b58e6acdb20c8b82f27ed42bbf7cc80f46e7a314
SSDEEP

3072:8MHDFaMPRIjxWcy4C9y30XclW6Qilinp0fJ4XNZkAC581h/dgHG0uD1X4/qZa:e7UL4Co3js6QilinA4XN+zKh/uG0u5XC

Score

10^/10

rat l26n formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

l26n

Decoy

vtxapg.bond

iscussatthetable.net

q5b2.vip

urculturalbuzz.buzz

0xfulisuo.xyz

iz-kyc.online

atladies4kamala.vote

aison-maison.xyz

codom73.online

aosecurity.online

szxart.xyz

ergecast.net

ealker.pro

hickensforkfc.net

ldoradocasino-uee.top

afiqgroup.net

ercania.net

sdc.ngo

raphic-design-degree-37012.bond

888yl123.vip

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2.exe

Files

2.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB