formbook | 2032-73-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2032-73-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

9cde83602f1f89a6e9a319a489cd7285
SHA1

ee425015e6615c1aec769a278e32d5a1b485fcb6
SHA256

682fcda1f5f82c11795b2a0be1f629668cbf41af170db1afe4964a5adaa3ad3d
SHA512

d777a66d9aadc0148384b393b67b33967c5ca8c4c31942b7027c08f16931e7397e43da0314059fd271682ae41b2cb7f420cd68ba0db3aa64f31baf8e9a4cd67a
SSDEEP

3072:o+UYfKkYO/kTA938eqJMdy0gCqY6kazGr1A7cckadf1K9JmsIAQMn:EKx8JJyy0gRY6kazGFc7d89J

Score

10^/10

rat c20s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c20s

Decoy

6698s.vip

vietnambun.com

tcl-express.com

ldyhph0611.xyz

bluegrass-bites.com

us-sonofiteardrops.com

zhennengshangmao.com

deliciasbethel.info

huckleberryjammusic.com

www3bmeteo.com

metodohollywood.online

findabathroom.app

kinerjaterbaru01.site

clinicavaldiviachile.com

boulettacase.shop

mirandairwininteriors.com

y9234.fun

globalservice.fun

jjewellers.live

shippingcontainersforsales.live

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2032-73-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2032-73-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB