formbook | 1280-61-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1280-61-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

f0a903d289ca9ad2cdd44090ed48d5e5
SHA1

4fb25379833e0ef116dbf739a535529a3ea74742
SHA256

1643acff4fe2eb741feaf659736e820be88a71713262eceb7ec0d16b74ecfe9e
SHA512

c7c9c850dbdc9263f04956f9387b6b85640d906cfb31b0e7eef0d6de1d9882441557b36edc991462c94934956b7ad97be448a074822c60bc13face0d860ddeb7
SSDEEP

3072:pwz7E5Viz3bR3MJrMSGFT7CZSbEgpba64ZYIQ4RAOD+3R:9yNMtVGN7CZSb/w64ZXQIE3R

Score

10^/10

rat mr04 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mr04

Decoy

toursardegna.net

bewiseracademy.com

xianchengkeji.net

storyboardtools.com

sourcedwatches.co.uk

filmmu.com

elpayasocantarinpeluquin.com

dyogomotta.com

roguearborist.net

flycitytravel.com

lessstressmoreprogress.net

faircoins.xyz

greatfoodscorp.com

iqpari.click

369u-jp.com

fuvahmulahscubacafe.com

jaxsearch.com

iqpari.help

huodongdang.com

yetcox.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1280-61-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1280-61-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB