formbook | 47350f778c8d8bcddf42bd75b010c496519094cb43f79b03e3ae33078de98dd5

General

Target

47350f778c8d8bcddf42bd75b010c496519094cb43f79b03e3ae33078de98dd5
Size

188KB
MD5

3335b51eb9c7bc4131e1d84bee2a3db0
SHA1

d6f3ac6e8a5a5b71e581f778a7947a237fef6bde
SHA256

47350f778c8d8bcddf42bd75b010c496519094cb43f79b03e3ae33078de98dd5
SHA512

756ba2d1420901cc074f6f270b8113252fb1560ee281f55823a8c1cc0f50dac1f8ed1e3d8c80ed139a604587e869a65a4dfe2e28a7f6e3691c0197e5905de2d4
SSDEEP

3072:CV9iF194vBkkoXlIasXOwDNLaPDhC/7l5XTe+/7ABQvAqvzcMiISPwo9:HMwIaGOOdaPDhCTl5FK17Io

Score

10^/10

rat f6ui formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f6ui

Decoy

baybeezchildcare.com

luxedk.com

tsplace.biz

romualdoandrade.com

stitchyarnshop.com

fezora.xyz

zxczq.com

mccoyspeechcoach.com

come-wann.com

oceandragonmanhattan.com

freelotto.online

riopenascohunts.com

kindredcondos.net

firsthandhk.com

smartak3.xyz

heystudiocr.com

clearvessel.com

tjweifukeji.com

89biwako.com

daliexpress.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47350f778c8d8bcddf42bd75b010c496519094cb43f79b03e3ae33078de98dd5

Files

47350f778c8d8bcddf42bd75b010c496519094cb43f79b03e3ae33078de98dd5
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB