formbook | 5067266aebd98b5d7d7f69488d4cf0f6f3b07a4710c1f1fdf0286dc2c4202fcd

General

Target

5067266aebd98b5d7d7f69488d4cf0f6f3b07a4710c1f1fdf0286dc2c4202fcd
Size

181KB
MD5

23cc9c8bdd07777965372ba1ee5b1d2d
SHA1

211f9dc2f0c4f552a0207d0b90b07753547d08f4
SHA256

5067266aebd98b5d7d7f69488d4cf0f6f3b07a4710c1f1fdf0286dc2c4202fcd
SHA512

acf8d054007b77ad11734c923d19f5b686df2ea573e6b3707e9cd6de590714f23b819018b2e5a15a9ade57ca4e5794bc98fa56f482d5f367b46bccdbce0cbb5c
SSDEEP

3072:SqL37hZgGw0ndIoq7BS5fLWgi2SDiOiOQ0ycfCI4T:xLQyIf7whL1i2JfLIyT

Score

10^/10

rat ych formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ych

Decoy

ngf.xyz

socialbugbykc.com

wyshio.com

test08172020.com

motomaxxmn.com

danar-digital.online

045635.com

cocteaucorporation.com

fessuhenewasee.com

papamovel.com

gashepublishing.com

fridgeofplenty.com

rahsiasihatsentiasa.com

instinksystem.com

playonsemble.com

vfmbees.com

trap.tools

agnesthomas.com

heatgemini.com

chasingpandas.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5067266aebd98b5d7d7f69488d4cf0f6f3b07a4710c1f1fdf0286dc2c4202fcd

Files

5067266aebd98b5d7d7f69488d4cf0f6f3b07a4710c1f1fdf0286dc2c4202fcd
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 177KB - Virtual size: 176KB

.text
Size: 177KB - Virtual size: 176KB