formbook | 1272-61-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1272-61-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

997e1ca22b4af92352e85acd33877495
SHA1

31bcf45571de94e4624c9828dfc4d3fa8548130b
SHA256

f38668b5ce893baf2ed147147e066120418cd510bcc65fb7676ff1828c2b081f
SHA512

93487a8c929310ca038e0284cd234023d744e9c38ef348ca8d4ee03084f24338b4a2e4affeae6f4b54db723dd4fd8ce9cec1c14912142c22c21a06e27fdc545c
SSDEEP

3072:GFWAgktt3b5o1o63nBlbyRq0fIyMyfcflxPvju:GIVn78q0fID7Dj

Score

10^/10

rat t30k formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t30k

Decoy

xatenwal.online

everythingbanker.com

woodhome.online

masturbatorzone.online

towertechnicians.com

7744100.com

teslatrust2x.com

bbctravels.com

33923.xyz

yhtiye.com

swiftpas.online

04eb.top

zvd.store

fdasdo.xyz

activaokers.net

ctsoapandcandles.com

buy149.com

junkremoval-az.com

hv870.vip

axumventures.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1272-61-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1272-61-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB