Overview

overview

10

Static

static

10

375d1a9b98...30.exe

windows7-x64

1

375d1a9b98...30.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee54c4099c869ef598c80c983a57c6b204185ae03bc32a7bc752a4482b0f2df9

  • Size

    138KB

  • MD5

    97fa6ba801c8a0e84d314c7e29bbc4be

  • SHA1

    dd5d73c2e13dba3f5481ff216b265ef9b7f4dd4c

  • SHA256

    ee54c4099c869ef598c80c983a57c6b204185ae03bc32a7bc752a4482b0f2df9

  • SHA512

    03427b78c7f0c0186f417481c2ab950191c0f46ea2ebf1dc05c9bd1c1efdce4ee60ee4de4c0fcb003210b11c07f6b5117542273e46dfec17c2e25e6071037644

  • SSDEEP

    3072:wAvsiE2iuynrO+JU9rq0ktP1MGupSWE/FZkV:wAvXp6rg9rq0k8GupSb/zW

Score
10/10
ratfs93formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fs93

Decoy

talesofterrorhaunt.com

adpir.com

federalexams.online

ontop88.one

sasquatchscreenprinting.com

thegoonstate.com

cuetik.com

334098.com

tronzolacero.xyz

fashion-therapy.co.uk

stationdjradio.com

28530wlakeviewcrt.info

hastingsreptiles.co.uk

iwabrisibolgamonica.my.id

propertymanagementsanjoseca.com

vrtic-zepce.com

jthme.com

nha-cai-v9bet.com

ikx2.com

yeslon.xyz

Signatures

  • Formbook family
    formbook
  • Formbook payload 1 IoCs
    rat
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • ee54c4099c869ef598c80c983a57c6b204185ae03bc32a7bc752a4482b0f2df9
    .zip
  • 375d1a9b98531aaaf0d05ad0c23f5ddca52ec2bbd4d2abeeeab58d03f8d8b630
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections