formbook | 2000750x00000000004000000[.]dmp

General

Target

2000750x00000000004000000.dmp
Size

188KB
MD5

67d572983ec22c0a10500ff5931a17bf
SHA1

1e957536d920744268611fccf0303422bf3c9757
SHA256

28da88ef5fab8c6159a9ed234f7ccc0f1a63634b06bbc605d3659a4f2d6c0863
SHA512

17ddd5e2fa1a6ad57e21ebc62e5a5bd5b24473c1593ef945532aaaa03fcd4531a13888fe63e77a04e54f9cc760df15fafa2b710c6fbb66bb9d022be919c34a2d
SSDEEP

3072:axsKNkBmeverJ/3I97WHzqsL5kkXMtTHAwJw08imAYLwrzxsu:esC/IJMzqsL5EdH5yi6Lwq

Score

10^/10

rat ea04 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ea04

Decoy

gfdgtb.fun

ghv.xn--9dbq2a

lilmany.com

zbapexsurgical.biz

greatvalley.church

1wincasinoofficial.xyz

dexla.site

forwardresolutions.com

memberfamily.com

fhsmsc.com

maxon-tec.com

123tta.com

newvoicehouseoflife.shop

easeguardacademy.com

7788ta.com

rfoodindustry.com

77128888.email

hoxland.com

serviceprint.fun

6927ij.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2000750x00000000004000000.dmp

Files

2000750x00000000004000000.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB