formbook | 1640-62-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1640-62-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

fb74c63044c879aee7b0f3e68c072c1a
SHA1

c3cba7dd144ca70a2d066a726962fba2bbd72b94
SHA256

89c9eb86c748fff70658444c6ef2fa9039e7f06d90195282dd8d3d46cfbe6673
SHA512

ba9c650fa661820c55544cda9aa1a1f4e8cbff8cb43a0c2abe5429a05598189008dd05896a454c4c36f6db7defda2afcf9ac412a4b65d3dc4f324845f7f93114
SSDEEP

3072:ikncFGEe1VIwQVRXozeMcnKu5wNVpxs52LTtvr4fsMSn:vdzGXoyVKu5w/88tvrUc

Score

10^/10

rat g63d formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g63d

Decoy

icgrki.com

metalsignsupply.com

ntdhzm.com

ultworld.space

warngiveaway.com

berrywellpriced.com

lwpepoocc.com

bywek.online

hfysn.club

whats-trend.online

13335b.com

techno-bys.buzz

boostmediajo.com

superchargedsalesfunnels.com

webdev-nordeule.com

wuben2017.com

cashbuyerheroes.com

gabon-onlinetourism.com

vibranteventshub.com

campregesh.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1640-62-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1640-62-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB