General

  • Target

    320-64-0x0000000000400000-0x000000000042F000-memory.dmp

  • Size

    188KB

  • MD5

    c3275f2a9a1d3bb69cdb5352b670a746

  • SHA1

    548192eec7cebe4219c36e8a971d0add45f39759

  • SHA256

    d15dfacb304f09aaa4e1eca88c0ace6d290e0396213d4a3266a087f13b013d3c

  • SHA512

    647fa51c8f5ee8cc6d193e193fa402eba4f80805c497743b2b87131099e10d4a925751dee668f9704f6adaf75822352a4d8d989db6bab408afdd288ac3a2abf5

  • SSDEEP

    3072:XJMh/k0IuHkJW39L09U2iqOGMpMv3QMrvrZ9eJ6+rZZ6:iRIA9w9ziqOGMmvVZwsm

Score
10/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

upa6

Decoy

Signatures

  • Formbook family
  • Formbook payload (1 IoC)
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 320-64-0x0000000000400000-0x000000000042F000-memory.dmp
    .exe windows x86

