formbook | 2836-1162-0x0000000000400000-0x0000000001462000-memory[.]dmp

General

Target

2836-1162-0x0000000000400000-0x0000000001462000-memory.dmp
Size

16.4MB
MD5

9afa271197ddf2b9e96d4f63df6185ab
SHA1

45153461378bcc870a933a8dca29f63f358797da
SHA256

e1e534da6d0cf14fbebb3f6fa92ba44204d06283b3b303252e8099dd663f4eee
SHA512

ed71aa6c6017ac55a6e4ccd9dd7d73a9e94e24926de8f6eca577d5e5d9af5c1b58178210e9ce66294a832dd0a154bf3c393c58aa847c48f4329893824fb004f9
SSDEEP

3072:39zEK4Ue9Zcr37e4URdFpub8HjFDBikrvNiFd4hzE/Pq040di/4vQl:Z4OD77URnpub8DFJrv88zYZYgvQ

Score

10^/10

rat my26 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

my26

Decoy

hqe0aw.cfd

kompromat1.life

cruises-62138.bond

servru.fun

019469.com

nelcorgold.com

tscauknf2.com

satset5.shop

kraflex.net

indoxl.city

jcm-54.com

wantedleds.shop

vzuqiiud.cfd

filipe.works

vistservice.online

bjnyfjef.cfd

thegolffund.com

hadyjayapropertindo.com

passionalchemy.com

k9eiow.cfd

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2836-1162-0x0000000000400000-0x0000000001462000-memory.dmp

Files

2836-1162-0x0000000000400000-0x0000000001462000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB