formbook | 8d5305302fd6f59faa7ed5eafc6567bb6f6982979ebce1d4b3af8636b190ffd4

General

Target

8d5305302fd6f59faa7ed5eafc6567bb6f6982979ebce1d4b3af8636b190ffd4
Size

188KB
MD5

4e6a4afa668ae74bdd99a750fe9e3cf0
SHA1

90bf64614cf0dba11de65c76fc850ed8906fa778
SHA256

8d5305302fd6f59faa7ed5eafc6567bb6f6982979ebce1d4b3af8636b190ffd4
SHA512

c46ee87ccafb18b8397c4442b117ae96f748e0eafee77c97b3acfcc7cabac47746149e82cf6dbfbfac28009f08ce3f696ae5e50728ce70433eb81f12dafab839
SSDEEP

3072:fFWPkvmvilna3bsVuDtKFqWV30baD7I+9QaE4u09nfdzpFF2+Zk+:BFcb8ctKFqWxrk+9QP4u09nfdHM

Score

10^/10

rat g47e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g47e

Decoy

73346.top

matureshift.shop

bohnergroup.com

snehq.store

7pijj.com

wineshopsonline.com

reactivecreditagric.mom

aganderson.net

1800302.vip

942565.com

phonetography.club

garansugar.com

pinetree.email

34245.top

thejoy.run

pointvirtualrx.com

pqz.info

paddleboards.shop

vvapro.info

8peakssustainablelab.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d5305302fd6f59faa7ed5eafc6567bb6f6982979ebce1d4b3af8636b190ffd4

Files

8d5305302fd6f59faa7ed5eafc6567bb6f6982979ebce1d4b3af8636b190ffd4
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB