formbook | 2880-67-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2880-67-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

2d787be73583054a85385c1cef103244
SHA1

33d3dd35b33e8ad831fdf09c2fde64528d542582
SHA256

6f5e6164abbf4a865d6499fb2601b0d86010f72bbef2fdabdd937bd59e23e44d
SHA512

ba8eb808d8eafc255bd41182034f99ebdac08f952c442666ff024ebdbbdfd39c5848f627fc7ca5373f5ec1510735ec1117633503146395ef094cbb84ca8c80d0
SSDEEP

3072:Xf+FEI5vHVtOJ336Vj7wpJP7jy5myvzTBnSXuA3K:XqzQ13qYpJP7jN0zT5S+A3

Score

10^/10

rat de15 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

de15

Decoy

ercgur.com

kkyczozo.cfd

scissorliftcosts.today

changefluid.com

mediaplex.pro

xojxznra.cfd

1xbetenjoy.xyz

qdh8zo.cfd

sohtnain.cfd

dojahqsaas.com

hnstdgg.com

imersaocriativos.com

jetixvatican.tech

797lux.cfd

e-neutral.com

ehitpvko.cfd

habd.top

libbyforliberty.com

tomcattango.xyz

pacinko1078.click

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2880-67-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2880-67-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB