formbook | 672-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

672-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

f289ba1ea5359f33c909d80143470a4e
SHA1

45bdb7306921803c65709bc0a61b1f07becc0028
SHA256

b2dc76e99b9a32f950316bd74030c4412d4806b37d3aa24bade307797125bdce
SHA512

a53b6700bcb7bcb169b6d023f62d31fefac6781a046c9da0bab18fa52b74bcea666371a94cde97ad47428b8cdc30118896703bd6a2ef24b99094703a9e9a1ebf
SSDEEP

3072:e30GhkRUk6HIj9U3L/1zTrvUKHZLGU/aMz9qvNhNZBTCaIc5vHFIdWZG:4sUi96L/xHUMZLGU/ayopZBuF8lIoZ

Score

10^/10

rat a07n formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a07n

Decoy

lorddepro.africa

starshiptransports.com

genbanc.com

groundzeroexcavation.info

itechgsm.net

kwaraloaded.africa

growstellar.co.uk

ancaratviet.com

lesama24.ch

bpkpenaburjakarta.online

lauriallen.com

piedmontprofiles.net

hydroosn.com

offgrid.page

evantlc.com

kansholibrary.com

bresz.online

h3avyk3vy.com

expoplaza.africa

kidsarray.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
672-64-0x0000000000400000-0x000000000042F000-memory.dmp

Files

672-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB