formbook | 520-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

520-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

490f5264b208f45b956451ba88726e95
SHA1

92b37fda82b99e53a1586e50c02b76b1df07ad8a
SHA256

98f99fe787c2accbb13c8140450cded84573f65e5cea1db96c3690c15fcf7a6d
SHA512

744bbd7d6ba2f52d8034302b174ea5a8f1f58081eab866c71598ccd404f894a0c3f1575456eb5d12d5432c10f95959cd0a3917af5cfcb9709f8af49e43ff1860
SSDEEP

3072:bluEkKwZ/9hH8dRh35IhK0wOzKEhO4C3U5Af1zpOLZW8fEXdCmWDSjZI2xY:CFsd5MK0wiKEhO7hdtOLZW8cQDSC

Score

10^/10

rat by94 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

by94

Decoy

confidence.africa

louisvilletreeservices.com

kevinsavich.com

fashionsally.com

equinetherapyco.com

aplikasix.dev

forexaffiliatehub.com

mysboxcloud.com

kefclothes.com

travelwithmanta.africa

sweetwaytoheaven.co.uk

smarleyconsultancy.co.uk

consensusex.com

cutemaatchy.com

cloudwns.space

bluwallet.app

ajabashidenki-recruit.com

vappylimited.com

kjgrantconsulting.com

best5wifibooster.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
520-64-0x0000000000400000-0x000000000042F000-memory.dmp

Files

520-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB