formbook | 1068-80-0x0000000000400000-0x0000000000615000-memory[.]dmp

General

Target

1068-80-0x0000000000400000-0x0000000000615000-memory.dmp
Size

2.1MB
MD5

281c53b874a50ed61f85dadc83f64d52
SHA1

62661fba14aff5ad7c699f2f6bd493e8ae4e2023
SHA256

c55f11bbb97af87e139911c058cb3d47d393ae7283c257558a5312193c3bb95f
SHA512

1fb77171ac58d2cdd03221c81371f754ca0c65863369e6ae552404032ff666586223572d65609e8f2e39c8ae587d613f4dd025538c519dded42d4ab4e294bd6f
SSDEEP

3072:IR0iE/FGPpGWn3W5SRSqryZC2sIDjslFDfkS7Rk9pBKmo5:Pi3WQkqryZCLIDUFDsgeA

Score

10^/10

rat il07 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

il07

Decoy

lawofficeofchasearich.com

3332626f.xyz

wordpressbilimi.net

gdapp1.xyz

facebetter.online

koningmedia.africa

elitegaraje.com

lightingnews.ru

locationdarling.com

corrective.one

contamais.app

a2dzgm-bcx9.com

gyaanji.com

ibnuic.top

fsyiq3jp.com

dizirt.com

z3iucr5b35d.net

myfedloan.africa

dscovcorpoffice.info

ht80852.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1068-80-0x0000000000400000-0x0000000000615000-memory.dmp

Files

1068-80-0x0000000000400000-0x0000000000615000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB