formbook | 2520-140-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2520-140-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

c16b2050a939eb86fbf53818588958f8
SHA1

947d0542d04f10252f05a858f3c21ae3005f6c8d
SHA256

831417bbd0f711016832ccd1d1a0282c127c5d3f63c7dd6161f2730884c6b5b4
SHA512

153de8acd6a1f72d497d5c9e3e62c7f44f9893e20e97d7d98dfd3be06328e036b2c0c3d72af2577b7b874374b6ec8ccc92621f323a7ccf6ac0270811f436a48f
SSDEEP

3072:H4HdEoiq8GQwA3hmXj4p3xaLTY47q+L/H2MT/DFmXuiNuxRIiLOj:zGOhsjiBaLTY8/WMzh2uiwui6j

Score

10^/10

rat sn26 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

resenha10.bet

gulshan-rajput.com

xbus.tech

z813my.cfd

wlxzjlny.cfd

auntengotiempo.com

canada-reservation.com

thegiftcompany.shop

esthersilveirapropiedades.com

1wapws.top

ymjblnvo.cfd

termokimik.net

kushiro-artist-school.com

bmmboo.com

caceresconstructionservices.com

kentuckywalkabout.com

bringyourcart.com

miamiwinetour.com

bobcatsocial.site

thirdmind.network

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2520-140-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2520-140-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB