formbook | 932-61-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

932-61-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

30a43154871cf108569a1ce8ea4e5c89
SHA1

8fe781e36de6947173ae37e710f2783b7bf23082
SHA256

5cccbb623774a86dd0c1c6dd41daac3e990a2028b9a4cbf25e90ae7f63382391
SHA512

67ad97d512b60d51d8d3d142eac57761c210dd49892bebe21d0ef93ad1f8798fd4246fb9a2e5a75deaa2de04d9263cf4cda3968af616241807ca2ca4983952f7
SSDEEP

3072:4CXqukYfhdKNB3ZYe4SYRm6rGBdfLglX2ZCtAPAm5LQgdXsVCC/l:vM9Z7xYm6rGBdjeX2ctFmyKsV

Score

10^/10

rat a04y formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a04y

Decoy

eclecticconsignment.com

ablcommunity.com

fcepankshin.africa

cootefamily.net

chartx.xyz

64422.vip

cultured.one

breathingsunderrated.com

l0w2s.bond

atroitskiy.ru

caseidxosamazon.com

efefthirsty.buzz

0to9shop.com

fashion-clothing-40094.com

accesactes.com

acurreri.com

r4wcraft.net

benwuyts.com

bennettstack.net

abetbison.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
932-61-0x0000000000400000-0x000000000042F000-memory.dmp

Files

932-61-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB