formbook | 2028-61-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2028-61-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

9fa3b223cd75c06e7df80a8e211b3b85
SHA1

86d6fbaa6d592d4d0f51de29e6ab7040681dad4e
SHA256

fcbd89f6eafa4c014b4d9f03151677870c0bc82f028002cad13b6c3422ad6a25
SHA512

25502cf9ea605dce6258b9d73058f791c7d5c7aabe7ba1809b400a174ec02a652aa37a56c3fd0467f6fe42674200bccbf28182eb19488baf1e097a7ae59961b9
SSDEEP

3072:VpYdHkrQtNYxED3eZ8UH7kMqnuB9nrRnzKSBAUgSx5Jf+U3vGeGWgSqvky:0vreGGqnuBNR+2dnmUsWL+ky

Score

10^/10

rat sn84 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn84

Decoy

psptek.com

seshoo.com

dogwalknwoof.com

teamdaigle.com

mimzevents.com

algerimarket.com

rr251r55r.xyz

indialgbtq.com

huatongdk.com

couplecoaches.com

fleshlierwickerwork.com

ambito365.store

hoaified.com

shunsuikeji.com

uiomke.xyz

xn--12c4dfj4gtc.net

pika-moon.fun

breakingbarriersglobal.com

aqua-ammo.com

nmc380.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2028-61-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2028-61-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB