formbook | 2416-62-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2416-62-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

61d1f72754f7fce9e5d6a2dd84dd0cfc
SHA1

adc59bc377d1139f429a5da8d252ee1337574c51
SHA256

5805cfafcb8dd9908b9a6ddeb77f8f37c67e5771bb74d2862e8acc4e0c962d40
SHA512

6f1c7298cbf544733b9ac6e964afe12e785605f472d91705da33ad2da405ff6e932cd6bd29942f66bd767f2c83b5162a9f8bd57b135832e0aae44697261f8ca7
SSDEEP

3072:RUPESGffm5Vf3zfgysp4pYQDfUkotQmXvqPTe9kI2:qbfzIhp4pYQVoFOe9T2

Score

10^/10

rat da23 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

da23

Decoy

jiuse896.com

htdingguanji.com

gbwnxhdxaudxi.com

stakoov.com

tuttu517.com

shubaerc.com

bytxon.xyz

9ihoa7.com

pacificpanacea.com

hubawatch.com

hei0obbq8sp9te.xyz

19xqe6.cfd

anagecre.com

fwradi.online

45188.icu

institutdelama.com

picateers.pro

ewmsty.site

yamaharigs.com

jistream.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2416-62-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2416-62-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB