formbook | 836-142-0x0000000005000000-0x000000000502F000-memory[.]dmp

General

Target

836-142-0x0000000005000000-0x000000000502F000-memory.dmp
Size

188KB
MD5

612434a54b324cd65b503d50c1563e02
SHA1

ecdca9fa9b75305d86fd1f9b13294f227df5efe8
SHA256

548710d23c37d020f239d2912457110d2def70cf7db981e96cba3666c915279b
SHA512

2ab5581885ed057aa3ba689e7d2607767e9d90bd24b79e5556fc18516d8002a623f727892cd906229db6cdd78006c73a21781d37b78e82c128d1e5549831cd7d
SSDEEP

3072:XmhI2REd9zInbi94nW5fEZ6GR4pIOK9cEDSsKIeXrO5R8XDbw0sHKWoJkv3JIOmc:VC1nC7HpjK9fpeXrOmbw5pd0X2i

Score

10^/10

rat fe05 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fe05

Decoy

72cub.live

cq8ils.cfd

dhdudgdh.online

auwmhnls.cfd

siski.tech

louis-ville.com

highenergy.tech

ravinvi.bio

reytasrain.com

gmxqjouw.cfd

tuty-vruty.com

69x1851.xyz

yzwjkgyx.cfd

pharmalliance-cm.com

freecsgodf.info

logovohd.online

tatami.store

gkcbpxs.xyz

eventlaunchfunnels.com

metaplaymastonline.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
836-142-0x0000000005000000-0x000000000502F000-memory.dmp

Files

836-142-0x0000000005000000-0x000000000502F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB