formbook | 1948-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1948-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

ac9dd0c08a70c657913f298001af2ee9
SHA1

cff66c531b09d3a8da6a4f214678e877812d126f
SHA256

96f442797673cb085af4d1e0a3a8edbaa477adc0ef34e35df76a266de2c62461
SHA512

6fe963cccddb2563b5aaf5c0bddfa91937f71715f6b908079ec34a6f62598d3f578b0c8de06b102a88052faa7ac66ee4589a39186b723491a294ccd169e6e423
SSDEEP

3072:+r5IfNksFSrd2JTWb3VCKltwtqcC6tk/Tx0AGd5s6bkWNpNTD5nz:vMZzV9zyqcC6u7Gd5s6ggpNTD5n

Score

10^/10

rat g3th formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g3th

Decoy

casemierlawncare.com

715harrison.com

laiwudj.com

jhy6id3bgsu.cfd

gewnaj.xyz

hullo.social

animejoyy.com

florenceodd.click

accountingassociatesil.com

cxuu39.shop

isabelladowns.com

checkstart.net

b2bmails.ru

wehantz.com

thejjwhyte.com

jerusalemfoundationsusa.com

newagreement19.com

findel.xyz

czanniversaryring.com

ape5n.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1948-63-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1948-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB