formbook | 15161580x0000000000400000[.]dmp

General

Target

15161580x0000000000400000.dmp
Size

188KB
MD5

e3c76a6d07b4f3e140381017339e2906
SHA1

b73f32332f3af085b4b2979db2f9a79efcdfef7b
SHA256

eeecc40034525f827c445dffb6214afdc293e2ba659ef7eb6585f81af6a5ca19
SHA512

e953031c38fb7e9bb157dd23bb9e8b4d65b7b8267fb53f18de1f3fbc5849f4a682464967e8f7afe15d73f8cc8afe9123b714b0e6e86c015acbaa211e1379ec5f
SSDEEP

3072:cISEf6/GZ1yLfq3U7OV+aDLmmHdK+9YNKPayh17Txc:41sUisaDKmHt++a+7Txc

Score

10^/10

rat m42i formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m42i

Decoy

kosporttraining.com

z19zgcn.site

kaka225.click

85471xii.net

iuplqle.xyz

bengtsberg.net

bk2y0rmx.site

hotspudqec.space

dreamshospital.com

studio-glinka.com

garotosdatv1.online

au-t-global.com

0kxm.com

medsuppanam.com

sameypaige.com

osstshirts.com

xkrujqqo.shop

hk2r.top

rakebacksites.com

ledxiu.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15161580x0000000000400000.dmp

Files

15161580x0000000000400000.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB