formbook | 2008-63-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2008-63-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

d6033727dd7322bc87183f06f5e06b55
SHA1

e134e1dcadfa4718aefc55648c4c4d816e1b49af
SHA256

a934db8034ef380d27df2ddec946f964aabc50a9a6a7009eff3ae801ca666c2a
SHA512

b4b76e775350fb59e9fde5b275af50695737691de1ad1eca0bff0fd1e48a0cba66b307f192eae807cb9a38aacb743b7f2931d811d4d0d49b2deda3e5b37f69de
SSDEEP

3072:uPralEiD+l1ScbpO3MmAr+UL3uRsipFSkOTzhlwLAlntxBTBW3iSi82qGbn:cmgNoM7pL3uRFpfOZlXlNd+s82qGbn

Score

10^/10

rat mf6w formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mf6w

Decoy

shiftfailure.com

wjfglobal.com

gongfuteahouse.com

kocaalivilla.com

atlheadshotphoto.com

dppop.com

padokhep.com

localventuremarketing.com

5zh3ang.com

okminisip.com

houseofmanus.com

6339777.com

fabitgood.com

yaboleyuvip9.com

abbia-group.com

tearsofthekingdomrecipes.com

ukpornagency.com

hangar18lab.com

diamond-manpower.com

yourfrancoach.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2008-63-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2008-63-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB