formbook | 1484-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1484-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

f9abc1230dc349e0e331e47bd1ece195
SHA1

cae302bfd68f0a5e74f53ffdf6187920c7c360e8
SHA256

ff3e737e8fd167f2969bb1ffa616ee0ba5b31e0b09faa20aed30a0c126bb97f0
SHA512

10a6979d4f0b61ae37168909b16b8a27fa553e8a254b1b650d2c9fba3e125220ef9038860e7d08f8b71bed341635927e342b9343be37c4a63de9d720050fcc4b
SSDEEP

3072:yUw7FrnhEz3oIQpBItQprV5cwqOs2i58nZCWyI0CMzWgfkn98gJ24V8kN:KJhbnctQlVvqD2ioyKMKgfSpvdN

Score

10^/10

rat qf9d formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

qf9d

Decoy

littlearchaeologists.com

asocchoferescampolindo.com

petrolubeoilcompany.com

crowd.properties

isabellemasozera.com

heyymerch.com

luxuryitalytravel.com

venuslifecenter.xyz

wuqiao12.shop

liquitee.com

thebabyedition.com

bestdatingti.xyz

giwqyvsvyii.com

tltpropertymanagement.com

karenaalfapibi.com

iq163.com

mybeautyphilter.com

starbilgisayar.online

glucofreezelayers.online

yufubiology.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1484-64-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1484-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB