formbook | 3032-66-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3032-66-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

040e5e2a0cddbc186311f06b5b512538
SHA1

0e947d235308314678a8f8b6ebe9a3b0328dd031
SHA256

758080debbbaa1e3034086f59f5c125a1696e1c22b315d93b7cd27e12c9e56da
SHA512

8351d2d1b26e1cbac5f3c3a4f477e712e6d5c92432ddbb54aa5e0e3e9f25fd820b5aff1604799e0c60594222250b5e4eb35331e127c10e9724b2f38dc80eeb5b
SSDEEP

3072:AwPEJCttKUZ3naoQAA+ZZXg0CxhiZ6Jd0PbsV6Pma9:k2FnnQGZZXgjhzWPYVy9

Score

10^/10

rat u1r8 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

u1r8

Decoy

elearningglobalpro.net

hinamizawa.life

cosmicessence.xyz

freedomlife23.com

ticketlesson.com

jg091.com

yohls.space

frlingerieremise.com

geq7b1.cfd

ztagencysa.com

peritus-infotech.com

0778kk.com

advancedlaserinc.com

shariefny.com

handycuts.com

kulazt.xyz

zzwfnwaq.cfd

viralshizzz.com

tamaraidarko.com

ukdrrgrx.cfd

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3032-66-0x0000000000400000-0x000000000042F000-memory.dmp

Files

3032-66-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB