formbook | 432620x00000000004000000x[.]dmp

General

Target

432620x00000000004000000x.dmp
Size

188KB
MD5

f596e654bc2fb0365ee43274fdb07106
SHA1

1830d7baf4838d13ff4acff90f74a27c4596905d
SHA256

3e70cd7c4dc3ab9580d9cc92f7122f529224ca79ccfe095b893844798c142d0e
SHA512

df4fdf35021e83e66dbdd19fd4fb68498ccd7273a50e178f67383499524f924a61b09b48d43578668362bb54a79efa37f2536a03dc375902386a6e4b504ff389
SSDEEP

3072:UkWeEaNPn5Fi8H3rdqutdpy3cAktzZlrCf0vpuPIWSkBRm9TR:p7Xr4upy3cAmfdWSpR

Score

10^/10

rat s28y formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

s28y

Decoy

whytry.shop

readyconcreto.com

redbudvending.com

prosblogs.com

litescales.sbs

campinglager.beer

serenitysuite.health

starbytescafe.com

youbi.cyou

hg301d.cfd

nissanvideos.com

kedou25.com

relovedresses.com

contourbioinc.com

usrinfo.top

i8ep58.cfd

wildcatcreekhomes.com

mpocash.mobi

shisokj.vip

jiangwan.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
432620x00000000004000000x.dmp

Files

432620x00000000004000000x.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB