formbook | 03499799[.]dmp

General

Target

03499799.dmp
Size

188KB
MD5

6f2faea8b014be9a624ff070414456ee
SHA1

22b9d9f5cb99341a76a4d9333d222b4694d3b83c
SHA256

734158b4630674096ffc2880310bafd67f4a3a62eaf6ff8721bf9fb3efa3c1c5
SHA512

ac6846e345e529926a216b85826a8116c4d74c2727c7f0ea0f1aa8c416a76ec2c667360151fdf5ef7673a2918f8c42a796abab965b5171a39c62b89052a63b52
SSDEEP

3072:uWPNGvkvaYr7MO9nl39R7BR0AW6reJ9nlNPkQD6GbSil:Svc9J9LmJ6reJpgQDLSil

Score

10^/10

rat ga94 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ga94

Decoy

toutouchan.club

zuzwwjow.top

sarahxspencer.com

chanjiaoronghe.top

uarabota.com

187597.com

teachersfinance.online

ns18hg.buzz

mylovecalculator.store

abmountaineering.com

brttdimero.xyz

metropedialampung.com

kehoumpa.xyz

oxuczwrpfgy.top

gswagurban.com

tymeyutop.best

bennettpublicationsllc.com

k3zrk.xyz

hollistictree.com

yy094ccck.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03499799.dmp

Files

03499799.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB