formbook | 2812-65-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2812-65-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

ab7cb6e5d397ad2101df7527423ab8ac
SHA1

76e5525ee00b363baf2f2193f4be926e4d84933d
SHA256

2e324337085cb9360ad6d2166881398741beecfbc9d48e08a1d6a53fa7de05ec
SHA512

46b7c6302ccdc9f66d9163254bc1936c1d731d252f9b452062960da8c65616a14de2e3f7974b4508b9667a03c0326f0e05372f986ea630500a93891fb5b1d779
SSDEEP

3072:OVPVk8Jk8xqJy3A4oBv4ZmUIVZdoBCLErQyoKsT9:O6kANBQZmUIxoB9rP9

Score

10^/10

rat ed05 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ed05

Decoy

emiliamotional.com

paintsburghpanes.com

wnma2x.cfd

akwz7w.cfd

maxwin46.click

tobybend6812.shop

mollyfranks.com

kimovxa.xyz

magantautocare.com

knazzkdm.cfd

bxzqkru.cfd

keepthe4th.com

recordgreen.space

4thevalid.com

96bqz.live

cargowaveboats.com

sirko.life

florasdelsur.com

96ahv.com

myt251l33.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2812-65-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2812-65-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB