formbook | 936-76-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

936-76-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

94fc6d10579d582a9fc2582d1b8f8619
SHA1

eb5f0a9128cace144e5510fd1ca8a8063e76eb50
SHA256

fa25282be8cd4fed184acd365b2151a55ab53d203b6ea46a6b9f2cc115f6eb19
SHA512

19e645711ced84188abdad028c3cca2619e2f1f0ef1b1f36b3df03cbdc056b2664260695bead22d046d1ff48488b42bf298c5cd7d8ba1a679da6071318b2254f
SSDEEP

3072:37dr2BCU3qM/tS7yzpLBwDX6JMr4eN6wok3GDwGpHXwjnG+0VRE:rITVw7kL4qir4eN9P36xp3un

Score

10^/10

rat co63 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

co63

Decoy

detectiveadda.com

codewm.com

leeinvesting919.com

dzaiwn.com

winecountrywicked.com

floraldesignsofhastings.com

saleschildcarriers.com

kanspersky.com

mondlyfor.com

takealicense.com

aclarkemcgee.com

riohandmadewithlove.com

petalumadumpsterrental.com

stanislavp.com

mansakesalive.com

ballthingsez.com

iongraph.com

pidesimple.com

nutritioncalculate.com

dulichphucbinh.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
936-76-0x0000000000400000-0x000000000042F000-memory.dmp

Files

936-76-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB