formbook | 1076-82-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1076-82-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

630462007c65efdd958d04e89bad1b94
SHA1

27f2896ecb30fb58ec14a8b4f485f23da687cc01
SHA256

36ebcec7e0c6b4d39526f7d5b1f09a4be61bbbb1a24ebfb69ec41d70c82dec9c
SHA512

0cb552400eae30cf3813b92c0494291b2a88ca7ab3eb0d25957cc995b5f490e0169aa9b1ffa1f887ec244ebb3f82092ed062a1b6ded384d2d1f2f418bfb19ed6
SSDEEP

3072:4hIg39FjjoLA9F874bHeCg5bHEA56e83uCXzzUbP2CPb4Tld1fT0VfN2t+PHM:1YjTRbHpabkw6H3uCjgTRg1AVfU2M

Score

10^/10

rat xchu formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

xchu

Decoy

zcartoons.com

castilloshowroom.com

3bmmdtod.life

misaxoxo.com

nadiya.online

sykkbup29.xyz

triciaaprimrosevp.com

newleter.com

ptzslk.xyz

lightbulbfestival.com

texaslandline.com

ideeintemporelle.com

girljustdoitpodcast.com

medimediamarketing.com

bunk7outfitters.com

charlievgrfminnick.click

lifestyleinthehome.com

atfbestsale.online

frontdoorproperties.co.uk

grandpaswag2024.info

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1076-82-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1076-82-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB