formbook | 506b3ba926f0664666d388c47a80ce2a86dcda5a6f5fddbd6a4eb219c5d6acb9[.]exe

General

Target

506b3ba926f0664666d388c47a80ce2a86dcda5a6f5fddbd6a4eb219c5d6acb9.exe
Size

185KB
MD5

4cfa55e6b05c75da431b000463e09f21
SHA1

ecfe86adb04868ec5e3f6d1db52a722bf0501c94
SHA256

506b3ba926f0664666d388c47a80ce2a86dcda5a6f5fddbd6a4eb219c5d6acb9
SHA512

0ce087f5765367e1bcddfb854b412e9fdfdacfaeb09b97865233152dbf3806a98a4f58dc89f02bdf20ee1a1f871a1b01b7e204d1ada1db23aea975731ab7114f
SSDEEP

3072:8r5bFrQKYSDupF1LtoOXTf9R6ZO6VYtwb8gKUxbew0HX4JEDt+:mGKiPtoI7eZO6VQk7Kqe742DI

Score

10^/10

rat b101 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

b101

Decoy

ent-apartments-2801.click

lsyw.top

eccurastock.online

j958.net

eepelement.tech

rueblueimpact.shop

etechhome.net

ianchui.cfd

mall-business-22321.bond

tatewidefinancialservices.net

orbitmac.info

ovehkjepe88.club

zzhmamn.xyz

uslimbooking.net

uto253.pro

ortalexpresscliepr.lat

tikk.shop

iaoniang.cfd

sdg-6603.cyou

myd.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
506b3ba926f0664666d388c47a80ce2a86dcda5a6f5fddbd6a4eb219c5d6acb9.exe

Files

506b3ba926f0664666d388c47a80ce2a86dcda5a6f5fddbd6a4eb219c5d6acb9.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB