formbook | 296-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

296-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

04c6627ce1c922b95bc05882e164662a
SHA1

b9467dc78b2349418f3205e7cb5abd95d06f64b7
SHA256

782e3b937debdc7ed8ded954d690b85b6484ce98b265f171acbd84318c55697f
SHA512

40800176bac902667040153bbea41965b220dde42ef09427e86840b42111b5a7d250d6d28106fe9c4ef2d273d59b76b294234b207d43591f207691156ae9c408
SSDEEP

3072:Gd/9V7QOk3mjum8z473AcCk5N6D3RjTsoow9wrLtWRhrbreId7cU2:M3jVTADkv6TRjTSptGn7E

Score

10^/10

rat cs94 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cs94

Decoy

dhaliwal3.com

iptvebay.shop

hsfgass33.top

cammali.com

dcleaningseevicesltd.co.uk

amzosecsn-jp.icu

builtmedia.co.uk

duoguang.top

forumken.net

cqivrh.cfd

lr-nexusark.com

carrirae.shop

jtownexclusive.africa

georoiddemo.online

lefinet.com

otc.rsvp

kitchenpharmacy.co.uk

bbywafz248xca4.com

digijockey.com

9-ji.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296-64-0x0000000000400000-0x000000000042F000-memory.dmp

Files

296-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB