formbook | 202de9e3ed067073685e9ce6fbca6a0c7a32d8f636bf533976c8b6c2b19514da

General

Target

202de9e3ed067073685e9ce6fbca6a0c7a32d8f636bf533976c8b6c2b19514da
Size

188KB
MD5

d26ded134963472d2aab82bc2511f272
SHA1

32cab91c1a4e7446ad51961f16a1be866f563340
SHA256

202de9e3ed067073685e9ce6fbca6a0c7a32d8f636bf533976c8b6c2b19514da
SHA512

50ef9620d7112bbed3e756b5b63ebe6530d4b24f29827d427b7860286fd0de4bedda0e888a98d3d6e6c878dda28076a76bad644bb9b469e036a248604f376727
SSDEEP

3072:kxCTrFKFw6NuG2dRFgK3s8bKAk3306TIOjyChzfEscnBq2Uf:O8RRFDxKAk330POjyuDExBrw

Score

10^/10

rat m10i formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m10i

Decoy

rmani.today

ifebork.xyz

randovation.net

itchen-remodeling-65686.bond

himu.world

reverie.net

9038.top

rowahome.live

obility-scooters-63189.bond

iangchunqiu.top

yhd.fun

eniorsforseniors.biz

z9zs2.shop

kkjinni.buzz

22av373vu.autos

allnyy.fun

qst.digital

rcap.info

745.top

earfulabjectshirkwashclothe.cfd

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
202de9e3ed067073685e9ce6fbca6a0c7a32d8f636bf533976c8b6c2b19514da

Files

202de9e3ed067073685e9ce6fbca6a0c7a32d8f636bf533976c8b6c2b19514da
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB