formbook | 768-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

768-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

38cf6af5693ea8d3e1b4dee3a140d61c
SHA1

12957c23ff59c0a7aa1c7bf4f98ce33228c57314
SHA256

bb708a049b655e2b00efa463f2c46a49239124aef2a811466df10e555a077c24
SHA512

f5bf403a63878d0207c3f6f279aabfc4ea84332f7ab3696d7e1e8ec71d6404ad5baa17a6a81e6b8c598d3f220bcd8ebbfc9b1ebe14d4a23e14e3cfc2b2f16938
SSDEEP

3072:qOj7kNohQLst13cv4+08HKmU3EtfdJidSGOdLHF0yBODDnh:uoZcw+BHKmU3Etfdk8dLl9o

Score

10^/10

rat so23 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

so23

Decoy

evocna.com

africanmoonadventures.africa

immoyoussef.com

levelsjealth.com

galuzaekaterina.ru

facenest.biz

dataclaws.com

hxhss.com

freename.app

rowansenioridol.com

belfiusbanque.rsvp

infracinco.net

jills-life.com

chargegiga.com

dpxqz.com

66y118.xyz

getvidsquad.live

avrupa90yonetim.com

barentspressprojects.com

calmpaththerapy.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
768-64-0x0000000000400000-0x000000000042F000-memory.dmp

Files

768-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB