formbook | 1140-87-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

1140-87-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

35f19d07ad27f5840323f218f3c7e71c
SHA1

165919cdae53a2501ba2d19918fd0a86c88f69f1
SHA256

95c2201603cc9e2866d86e6725d3ed5510031cb49064ee6a5ddf51bc34fc75d5
SHA512

b1c04a259cde621d350875d98e0f3a5e6cf98d9c6623303a75de268dfa9e1e26b3a91d01a8e8348440e79c55da812c8b43e0e189aaa975c1fd657fa103cf90bc
SSDEEP

3072:4hIg39FjjoLA9F874bHeCg5bHEA56e83uCXzzUbP2CPb4Tld1fT0VfN2t+PHM:1YjTRbHpabkw6H3uCjgTRg1AVfU2M

Score

10^/10

rat xchu formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

xchu

Decoy

zcartoons.com

castilloshowroom.com

3bmmdtod.life

misaxoxo.com

nadiya.online

sykkbup29.xyz

triciaaprimrosevp.com

newleter.com

ptzslk.xyz

lightbulbfestival.com

texaslandline.com

ideeintemporelle.com

girljustdoitpodcast.com

medimediamarketing.com

bunk7outfitters.com

charlievgrfminnick.click

lifestyleinthehome.com

atfbestsale.online

frontdoorproperties.co.uk

grandpaswag2024.info

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1140-87-0x0000000000400000-0x0000000001462000-memory.dmp

Files

1140-87-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB