formbook | 320-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

320-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

c3275f2a9a1d3bb69cdb5352b670a746
SHA1

548192eec7cebe4219c36e8a971d0add45f39759
SHA256

d15dfacb304f09aaa4e1eca88c0ace6d290e0396213d4a3266a087f13b013d3c
SHA512

647fa51c8f5ee8cc6d193e193fa402eba4f80805c497743b2b87131099e10d4a925751dee668f9704f6adaf75822352a4d8d989db6bab408afdd288ac3a2abf5
SSDEEP

3072:XJMh/k0IuHkJW39L09U2iqOGMpMv3QMrvrZ9eJ6+rZZ6:iRIA9w9ziqOGMmvVZwsm

Score

10^/10

rat upa6 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

upa6

Decoy

farmaciadelverde.com

1whcfc.top

djameshomes.com

kylepauley.social

dawncharitabletrust.com

leverdurable.com

bluxban.online

oceansideglass.net

pcdcompusoft.com

dlunion.net

continuumadvisorypartners.com

tvlfood.com

pillblue.co.uk

1win-site-3.top

e32mbe.shop

mawelk.xyz

garage365.online

commonwealthbank.online

xw-04.com

smartcitiesrecruitment.co.uk

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
320-64-0x0000000000400000-0x000000000042F000-memory.dmp

Files

320-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB