formbook | 2632-160-0x0000000000400000-0x0000000000615000-memory[.]dmp

General

Target

2632-160-0x0000000000400000-0x0000000000615000-memory.dmp
Size

2.1MB
MD5

dd0d5cf7e3509892b4ae7d40896d96a5
SHA1

7d94a6cb83a5c05e101e773dd200ba61f28c57c0
SHA256

f2fe5da2007cfa3c4a770519db50ecf772813ba99a6ba3d4a2e6cf1d9f684389
SHA512

cec90292b61edd7681fc0b5912685f1fa0a310ed1cfbe445c4ab3781f6a4b797d39b2173f3dd26a97fb707820fbdec89c342f0a39adb18d1897001b30d824ca7
SSDEEP

3072:J5XcEzgBWdhQ3IWdJWWeLqmuZ1np/Zj0jRGV9VD8rzFNGF4zLT:FneIOJaqmuZ1nvQcD8rzPTT

Score

10^/10

rat il09 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

il09

Decoy

ahy99.com

tmzrygdv.cfd

trainingwithoutnerves.com

loaddirecters.com

elocquinn.com

sunnahscents.com

jogobrgames.xyz

skinkissedaesthetics.com

943465722.xyz

jopkrrub.cfd

kavrex.com

sensori.host

sybrstrmtdiyari.com

ourouba22.app

smilebrandsbreacsettlement.com

72um.asia

kenleyeventdesign.com

mandalastudioonline.com

much2more.com

beckettbees.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2632-160-0x0000000000400000-0x0000000000615000-memory.dmp

Files

2632-160-0x0000000000400000-0x0000000000615000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB