formbook | 92f0c3a2a728b93cf069f76e55eb7d211272477e9b3e228a074121540f885427

General

Target

92f0c3a2a728b93cf069f76e55eb7d211272477e9b3e228a074121540f885427
Size

188KB
MD5

ecac6a494b50934f6be5f96b20d08c83
SHA1

36c0f1e60fea2881d33b9f8c7e58743338a2b822
SHA256

92f0c3a2a728b93cf069f76e55eb7d211272477e9b3e228a074121540f885427
SHA512

a379fcb419c2ba0c940523a7141a6f68635818677de8b1bcabd37cb293c7902ae5889c93e98cbae000eb6505b512125efee6ce7c302550744395802a2dbbbd97
SSDEEP

3072:2S/EWrtHLINtWnr31rzu+KLp6xtl1YAK5DUPg9IhOMvIg6Y87JqVBYksA:1rt/D1++K96xtl1YAK5ggqfI3Y87AVI

Score

10^/10

rat we45 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

we45

Decoy

daughter.today

wwwhonumg.com

hauteautolease.com

promagics.com

quanluo.icu

hr-technologieslondon.net

metaverseflight.club

go-grocer.com

f80865.site

wireless-headphones-search.club

minehouse.tech

9itop.com

c-fidex.com

semeruglobal.com

indianspicesonline.com

bahiscomkayit.com

matreetechsolution.com

mayfaircakes.com

arabechoes.com

carcareshops.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
92f0c3a2a728b93cf069f76e55eb7d211272477e9b3e228a074121540f885427

Files

92f0c3a2a728b93cf069f76e55eb7d211272477e9b3e228a074121540f885427
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB