formbook | 452-61-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

452-61-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

141875f53b0ebca87d41153840b49e1e
SHA1

090991076bb2aeab3334045166771252e5f36d3b
SHA256

96ac57daeebc26cbd9e3216001515ee8964e82799783b73293f53263a05229a4
SHA512

4233f397f78ca2fb3feace1435f581208ecff95f808fc0f709774372c12527c5564d35a6c401cfae603c06fc40f4affeb13daefc83eb1b485230a799c508e5a7
SSDEEP

3072:2G79UrSmhc2Yj/d3h7s7a1b45AfUG4YXE9ZoAyAa6fv:WrYJxY7a1b88aYXE9ByAaY

Score

10^/10

rat mr04 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mr04

Decoy

delimboni.shop

fluffysiberianhusky.com

groverstandoorishala.com

digitalcharts.xyz

brilliantinds.com

cdrjdkj.com

hypeslipperofficial.com

kx2776.com

i-r-l.ru

crpons.xyz

0-proof.com

northstsrcleaning.co.uk

flytimfest.com

ifydigitaldeveloper.africa

n-healthy-life-style.ru

x-etruck.com

sugarstory.net

dgshilibiao1618.com

dgsjhbl.com

magnificient.africa

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
452-61-0x0000000000400000-0x000000000042F000-memory.dmp

Files

452-61-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB