formbook | 680-86-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

680-86-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

6686b86d721b1c640604e0067ca1c98f
SHA1

111dbd9a4965d04a3261cdf895d4e92313804630
SHA256

37d0ca68f6f7803d50f27dc5b96e2743992a0a5a97491486d9dd10e648bc3c97
SHA512

89ff3574eb61ebc4c9dd394d815932d0f1f3e0a4e7a007f8bd93ab4ac452ea813615b3b23209767f13adc4923f8918bd89b1ef1b936f9df7da962b02137c9f43
SSDEEP

3072:kMLbPkPA7N1UB3BdU2NqR+Kr5b9m8k9KC78hoWd7MwtRlQF+kYTpGi:gd9B2AW+Kr5b9DkgC78dNlQFcT

Score

10^/10

rat mi62 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mi62

Decoy

keerthip.com

xtrtek.com

cbhw.xyz

f1805.top

scaleupbd.net

godfearersresearchinstitute.com

cnpo.co.uk

aperta.online

herbalxlabs.com

arabcamps.com

hge025.com

lifechangingalgo.com

just-cn.com

fornettobarbecues.com

klaxoob.com

francejordan.tech

zhongshengshenghuo.net

auakfgsbdj.one

incidentesvialescoban.com

kochfun.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
680-86-0x0000000000400000-0x0000000001462000-memory.dmp

Files

680-86-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB