formbook | 1172-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1172-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

7981eda55945232414512cc15bcc6048
SHA1

cd6f39dc8e72d038cf253f8d2ce8f395e7a478be
SHA256

259052875f44d88e2ad272bce2a63c328a64074099d7b38152a207043ca26f82
SHA512

5081a53a28a9d295bdb4aa78479a98231aa9b6e2aaeecc8fb52145f4a546aaa0ca6c7cbc94e5231214d1fcf8d8a6a14eef875b55122949bbb5b30ed8eb075a11
SSDEEP

3072:3HJRT+khPd3g8gUp3oudAgrDq4AKV9FUzmlYKGEYuCraA1vwLZ:lxVoOTXq45V92vKjYuhgvo

Score

10^/10

rat km37 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

km37

Decoy

busybody.app

damcostafreda12.cat

blueridgebedracks.com

hilltopspice.com

addonysfitwear.com

bestridelabs.com

huashi366.com

1wihug.top

66563.se

96mvipmy.com

lab1207.com

80b80.app

graphicstudio53.com

xn--etherealsoires-mkb.com

bestrosetoy.com

discounthub.xyz

addmusthaveoppprofit.online

abovegame.biz

getv3apparel.com

designroom.app

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1172-64-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1172-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB