formbook | 2000-61-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2000-61-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

8a6738de8fb36e12cc43c5bd5793d8de
SHA1

31b0e98ee9e92c20a2189bec2556eae64ac8e76d
SHA256

d6f6a23088c72b43f41f2cdd13823a7ea769658b8432afad6e592c9fd9c66ba8
SHA512

298c4dc3e7eec58ec612e16ddc034b5a308577098a01d81fe1ec097dba9574408cdd8d894b9a6d74189fb547bcab100340212e26fd2f341dce1e40b75dafe20a
SSDEEP

3072:lX7dkX52W10+m73Zyz3gURqYXx9Gpmrlk1c8iowUDLhTmceFkn824:qn8TZw3hRqYXx9Islk1cDow8CS824

Score

10^/10

rat t30k formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t30k

Decoy

coquitosatl.com

havesnuoput.com

edicareenroll.com

eltechcenter.com

abnahesi.com

husgrunderalvsbyn.se

emjpurenaturalenterprise.com

fixedfloaut.com

poshturefinds.net

experiencetoro.com

3dmedcarse.com

digitalmarketingcourse-es.life

lawyerinyakima.com

blklashes.uk

gfxzam.xyz

mkartsforhealth.org.uk

khietam.com

kidrelieve.com

carepluxhealthplans.com

southwalesnappies.org.uk

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2000-61-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2000-61-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB