General

  • Target

    2952-75-0x0000000000400000-0x000000000042F000-memory.dmp

  • Size

    188KB

  • MD5

    d04838f453510b1bedc90a9964974e84

  • SHA1

    aa1d21ab2d40e03121ef74afea48251314b90375

  • SHA256

    88318bbe17d10c3dcbf23aff3820ce7b472bb2d6e4c90e35613578f352d63e17

  • SHA512

    e5691e58e8719752f6a9eba8bd2d2933b7e230b8049a9b2e0449322bffc2761e1a926b019009c5a1a303c3c4875d4a21d674bfff2a35b275eb56bc54dea01594

  • SSDEEP

    3072:S7jwkWjm17Ok3WUQRiCdGMJH/kmP0mmqWWzKS74NkflySW:nTKWRZ1JH/kjmmq2m4N2

Score

10/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sh24

Decoy

o3zurl.cfd

ivcegyax.cfd

95230704.com

bigfacewatches.xyz

gxcnqzlt.cfd

smilesquarezone.com

privebet569.com

primesnus.com

reternitynw.com

mobileperks.app

zfnxnnic.cfd

shyspiderlightingandgrip.com

luminescentclothing.com

7i4g5c.cfd

cxdyqtrm.cfd

rumahkarawaci.com

50kf8r.cfd

indirimkusu.com

govwiki.xyz

vjin2n.cfd

Signatures

  • Formbook family
  • Formbook payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2952-75-0x0000000000400000-0x000000000042F000-memory.dmp
    .exe windows x86