formbook | 1856-1073-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1856-1073-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

eaad9f928173de67b0af2985976a6318
SHA1

9ba873ad8563555fe78b434545f5252b70e5f924
SHA256

ac721a1af1b605814b04354e2c183ad924fc08a17411323f4fa93598a83f88de
SHA512

cce977154251340447fb728395c71b1a376b37b527f1c53ea24de973136af4f8e38c121b36c13ea810919da62d800bf98aa418300e2433570e8dd968ee4ff44a
SSDEEP

3072:5r8yQ2FxlgDUxuJefjGoUN+GsKlDHbrDVvqotPunaLpaEcO2RGWdJJI4K:cMR4AyoUMYRbrDVlPiAUEcO2RdJJK

Score

10^/10

rat tfgp formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tfgp

Decoy

simplepay.kitchen

livetcvety.ru

eperq.buzz

tecbad.com

yolcu360online.autos

wellnessgroupofgeorgia.com

gameozo.com

thewoodeniphonecase.com

martynasobczak.com

youhousedesign.com

dlix.net

langlaufdavos.com

hew9.xyz

eliteenduranceuk.com

incrediblesite.cfd

delang001.com

52zmzmzm.com

valleyofbreath.com

sagewoodworkinginc.com

oniesa.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1856-1073-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1856-1073-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB