formbook | 2952-75-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2952-75-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

d04838f453510b1bedc90a9964974e84
SHA1

aa1d21ab2d40e03121ef74afea48251314b90375
SHA256

88318bbe17d10c3dcbf23aff3820ce7b472bb2d6e4c90e35613578f352d63e17
SHA512

e5691e58e8719752f6a9eba8bd2d2933b7e230b8049a9b2e0449322bffc2761e1a926b019009c5a1a303c3c4875d4a21d674bfff2a35b275eb56bc54dea01594
SSDEEP

3072:S7jwkWjm17Ok3WUQRiCdGMJH/kmP0mmqWWzKS74NkflySW:nTKWRZ1JH/kjmmq2m4N2

Score

10^/10

rat sh24 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sh24

Decoy

o3zurl.cfd

ivcegyax.cfd

95230704.com

bigfacewatches.xyz

gxcnqzlt.cfd

smilesquarezone.com

privebet569.com

primesnus.com

reternitynw.com

mobileperks.app

zfnxnnic.cfd

shyspiderlightingandgrip.com

luminescentclothing.com

7i4g5c.cfd

cxdyqtrm.cfd

rumahkarawaci.com

50kf8r.cfd

indirimkusu.com

govwiki.xyz

vjin2n.cfd

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2952-75-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2952-75-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB