formbook | 5f01cdd53a5f0991a42cc89bf0569ce7dba71c7d991b49b998daa0fad5648aa3[.]exe

General

Target

5f01cdd53a5f0991a42cc89bf0569ce7dba71c7d991b49b998daa0fad5648aa3.exe
Size

188KB
MD5

fa862a406b374fe1717a6833e2dac044
SHA1

3622470179894ccfab27aa9700d0e143c2f7b398
SHA256

5f01cdd53a5f0991a42cc89bf0569ce7dba71c7d991b49b998daa0fad5648aa3
SHA512

9fdcc4e564db0d8b7ff6fd250e8664fa64caf07b0411ba078d8ec1b556e44a1edbaa6d957e1154ee84fda2df1bf59e3f6c4d25766d68f6fd6426a81ceef34e35
SSDEEP

3072:fiUkOFr0NBN+6cMQnjhQvAUtZcHqq9q1ydC/JxMfStJjVedJL:UTNBlqhQvBtgqoq1ydC/4fStJjY

Score

10^/10

rat a02d formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a02d

Decoy

coplus.market

oofing-jobs-74429.bond

healchemists.xyz

oofcarpenternearme-jp.xyz

enewebsolutions.online

harepoint.legal

88977.club

omptables.xyz

eat-pumps-31610.bond

endown.graphics

amsexgirls.website

ovevibes.xyz

u-thiensu.online

yblinds.xyz

rumpchiefofstaff.store

erzog.fun

rrm.lat

agiclime.pro

agaviet59.shop

lbdoanhnhan.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f01cdd53a5f0991a42cc89bf0569ce7dba71c7d991b49b998daa0fad5648aa3.exe

Files

5f01cdd53a5f0991a42cc89bf0569ce7dba71c7d991b49b998daa0fad5648aa3.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB