formbook | 2840-68-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2840-68-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

19b75cd63df06a2de1394aa4ad09706f
SHA1

81f5c3f71a3390d35d8131fcda607a6de6871078
SHA256

ffc45b1827718b2f791140869c3a39365d39c3b8cd8ef463288dd01c6f27e66b
SHA512

110817301089b9ff9e0477e10b7c11a9286925a7fa3d1071ce99080e9f30edda7333f6b4c06b0d36507f3d20b38e6ac380173afa8b76c3ac9995ec56388edc5b
SSDEEP

3072:eIPE0BzWRXI+31d1Z0IrmiK63XcY3bGUNo7haNMhdBU:zMZ1TZ7rmiKM73bJNya+

Score

10^/10

rat p1a4 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

p1a4

Decoy

kingdiscoverkenya.com

bystander.news

soul2be.academy

rivistangelo.com

newproducthat.online

menstruationunlocked.com

acmepilot.site

onlinebuydogbeds.website

energysubstance.com

sltn188.com

speedoenperu.com

getkani.com

digitroncomputeracademy.com

homegrass.info

escrimax.com

3393t.vip

hhjjc.com

188judi.xyz

overhired.com

ingresaseeguro.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2840-68-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2840-68-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB