formbook | 2884-125-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2884-125-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

ea90344d53d03af96cd48ababda02fd5
SHA1

8d9666a63db920f7e92bbeacab57d25b898480e0
SHA256

fb6768aecfd2b20c77603219645eae2daedff296a465c0a7b9d25eb92b5aaaf9
SHA512

536297b560918ef6d7804716f7c04a082025144a90f9010ad69fecd325d413235508fb6c680b998599c26a27b12c8a7400ad9ec3f5335e98517224d8a3f1dc49
SSDEEP

3072:qlpyE9Y0CUHp1IdunpGrySy++Nyy65H/1YFlgpOvy2:Ybp6QnpGrySy/NP65HW4O

Score

10^/10

rat fd62 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fd62

Decoy

huishenghuo19.com

nudinjex.cfd

tp0002.com

ferdilo.com

misuzbja.cfd

kjnzieai.cfd

cheebetoops.com

kosovomentoring.com

pkxizqpubuunb.com

destinysoftworks.com

izkvdchd.cfd

soc34m.com

boundgrow.com

goushengle.com

neflredneckcustoms.com

czsygpx.xyz

hauteyardsale.com

aqpqt.top

cnnc7007.shop

openaccesplatform.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2884-125-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2884-125-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB