formbook | 1188-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1188-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

c148cbf3b96fe0b8eea8dfda0a41eba1
SHA1

3ec4330cc1e85ad50707a39bfaf2c3f061c0802f
SHA256

de73fdc6d1412da00e01ae49ecad99579a10651eee043c0a8bc3cf8550f7c76e
SHA512

f1b7ef8967e0f40e6834b4997beb817a32a63495861af6d92b98e457d0bbf3824a3ae2b4f7e138e66390ee77b252adb5e4c53416ff27420b93e733a62754ee76
SSDEEP

3072:DiTYeEXuIBZkyGXP32bWsYU5qixJWi1P7fkUVGuj/mWa+voQ8W3:DX5ByP2isYKqixJWix72J+vo1W3

Score

10^/10

rat ca82 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ca82

Decoy

idunresearch.com

loiioo1.site

aimobilify.com

limousineswebdesign.com

darshan-enterprises.online

javad.top

dd-spy.com

metamysme.co.uk

earticlesdirect.com

ldkj78v.vip

dariusevory.com

bestyoutubepromoter.com

dogcoinacademy.com

mestredosexo.net

mrnofree.africa

plan.rsvp

hoangnam.site

cadcamperform.com

091888.net

artwaylogistics.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1188-63-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1188-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB