formbook | 364-70-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

364-70-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

afc20202682c6207a7a31b240503a46f
SHA1

5a77d85795b54554fe314e0527266f43bcefe748
SHA256

26c5b538a215cfdcdddfea94e848bb43a7827691963ab4bdf3c2e4d53296227c
SHA512

989aeec12b7331e6695d4499256ba4463926697a049de11d1867ccf363f68049d608f43375a169b99e2d3ec1bc347d9e3ad1d1c875912f6dd16eaf9c3ab09979
SSDEEP

3072:+5t0w9XFrKUyChxr804UBuiiTiP0V6Lr5cNYNXmJ1Zk0QrJt9rlu9daXRv4:+pQUhuFiimXLr5cNYhik0UTXx4

Score

10^/10

rat gtt8 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gtt8

Decoy

42taijijian.com

rehnimiyanales.com

cst247.shop

usdt09.tech

lennartjahn.com

aaabestcbd.com

marketing-digital-france-2.xyz

be4time.com

slotyfly.com

parimaladragonflywellness.life

phonereda.com

01076.win

thehoundlounge.info

high-vent.co.uk

14thfeb.com

onlyforks.info

joseeandtim.com

mylegoclub.com

iuser-findmy.info

uninassaupolopinheiro.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
364-70-0x0000000000400000-0x0000000001462000-memory.dmp

Files

364-70-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB