formbook | 11c98c3bbf3f08f0d47153a819980189eacc20b3eaa44d2a88ec8a8aac17abda[.]exe

General

Target

11c98c3bbf3f08f0d47153a819980189eacc20b3eaa44d2a88ec8a8aac17abda.exe
Size

247KB
MD5

ba501476d5eed368c2975c5e9976ba41
SHA1

535282f5234f5c48a05bcec25026fa32c4a05617
SHA256

11c98c3bbf3f08f0d47153a819980189eacc20b3eaa44d2a88ec8a8aac17abda
SHA512

630edacc8ae82d10f54168d3ab018f961c6c6c15fb1f68a227d6c716e38ea341430984105aaccb96cd20bf7810f883b8cb6073c82f8ab648dcc1a58409d8efa3
SSDEEP

6144:69LI3rIbe7ixvQXf1G7Qtbfy1+D1NbWF6VomjoW3ziGQ:II76e7ixvuKQtbfy1GbWF6LjoWFQ

Score

10^/10

rat ny03 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ny03

Decoy

utori.rest

eguropag.lat

urtownnc.net

andr.xyz

ciencesphysiques-igis-cg.tech

valita.fun

ipraya168.cyou

iege.net

uired.xyz

jha28.win

ividcleaningservicesla.online

exsentials.store

leaning-services-50948.bond

nternet-providers-69016.bond

nline-advertising-40574.bond

eidmueller.cloud

wise.xyz

lasticdrawersorganizer.shop

luegrass.construction

awn77play.homes

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11c98c3bbf3f08f0d47153a819980189eacc20b3eaa44d2a88ec8a8aac17abda.exe

Files

11c98c3bbf3f08f0d47153a819980189eacc20b3eaa44d2a88ec8a8aac17abda.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.rsrc Size: 61KB - Virtual size: 61KB

.text
Size: 180KB - Virtual size: 180KB

.rsrc
Size: 61KB - Virtual size: 61KB