formbook | 1296-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1296-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

d697675570083d86d9f9e42ae9188d87
SHA1

186328b9bf95d72a6d0a756a3eec931acdbb7673
SHA256

9b53e53cb21d085a56b41dc094a7602a9b6297753ee1ddda5dd91ab4c1b14026
SHA512

11cab19c671038fefb145e7b8b5d0976930bbc08a02727b41d576aa1ea0e4f3cd360b89e307ca24d3076577481beb27c0a56194b983c3f07cf41821cbea097fb
SSDEEP

3072:5JKx4kDrJeT4L43B2yMNZbXotPzYxaBKmycfyi9m:ix92BhM3bXotbYx5Zcaw

Score

10^/10

rat ca82 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ca82

Decoy

joins-israel.com

suffolksheep.net

audiservisi.online

lomasleisuregas.co.uk

bbyuanzhi.com

asapmotohub.com

witneshambarleymow.co.uk

krmediaagency.com

alfonsoscuottosrl.net

cabsforrental.com

drx72.com

allegories-bunk.click

aladdinhouseofkabobgyros.com

glhbsy.com

mummytwinzsolutions.africa

bwin455.com

7fea.site

czwjjgcbearing.com

giwamfbank.africa

iweb4logmt.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1296-64-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1296-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB