formbook | 1284-61-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1284-61-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

05dcfd4db6b304c56cc3e5dcfcfbb40b
SHA1

a5baabb1b51aa353a7c6f3d2a2e9885fc503e905
SHA256

b0aba58348d6b4a144a43c1d56aa807d0e9aaad3b00a862e9f959575c47b6397
SHA512

ba74c39565c62ff699bcfcbf79ff918b1016e8dd2b1fdc6c38f61f9941322c9b062919fce0fa446de5886ff609ed06fb275ecfd7d603494f62dd267c28be561e
SSDEEP

3072:y8wmRk8zIg2umvM3MMtdecvaklWqfI+G4A/Ct4BS6OmHM5:RZcqM8deAaklWqhG4A/CtQSJiM5

Score

10^/10

rat mh04 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mh04

Decoy

2027reviews.com

spark-neon.com

8621981.com

quikdrawpublishing.com

akxqpalosejuice.com

biorestore-completeus.com

buyreiaz.com

beforevintagefurniture.com

ktwa10.com

5196926058.com

rksyss.com

tzyl343.com

kozmikkix.com

annarborcreativelabs.com

lepacificateur.com

pinsacduphong.com

labanquequivouslerendbien.com

sgnanda.com

theemechanics.com

solanasaga.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1284-61-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1284-61-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB