formbook | 2068-62-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2068-62-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

5a2db0fec5a32eaf55d5991043e6bb55
SHA1

c7c11d733aa7f4bceded512951da9628be210ccb
SHA256

46a8538888d824cb19d2a988bd8e3f6857b331492e3576ff27ebd2bc35e5f799
SHA512

004c6fc5b8c79d8987745102f4f1dddcd4dda28b531f324b0ac47cd66cd8b3da392892f679308ce77689d378b744f643bc3f8a7b02e1ebe78e7293a905db0759
SSDEEP

3072:l/1EKQoX4m5Gje3yINDN325/diisHf6azvOkkhZhdMZXGgT3ZmFdmzIRSJ:+Sy4ykDk5/diiOiaTDa0UgTgDKo2

Score

10^/10

rat dh08 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dh08

Decoy

lhmontajes.com

thomasholiday.com

onlinerscor.site

shadowstudiofx.com

velasdemieldeabeja.com

zerotoherobudgeting.com

hw158990.vip

xvzcjp.sbs

polaski-loamaz.info

4zx1le.cfd

bronzemember.club

nevadajacoby.shop

mmmms78.top

toolnetic.shop

sabongcash.asia

espiralconhecimento.com

ftscwj.com

1wpdip.top

scap.site

marineaccidentlawyer.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2068-62-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2068-62-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB