formbook | 2764-67-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2764-67-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

b7ced6594fa1c438bf3b3accbf97e469
SHA1

f45e546af6da9b863ad37d152cabaef02de09748
SHA256

f211a5b6b757111a8094e290bf015ead9ebe8d79646a44684e9d9b88b0f68e52
SHA512

143f63fda7b0805f383514034bd73353b428788be7de5fe3d25e8658b9ecad3a56672785e149d059591af132e31666dd24d71dec192a013af20f6cbb5361a78d
SSDEEP

3072:GqWZEQR7IsHpT35J91KKqho2UTzQIQPn1wm4n/+uF:8uo75noKqhoN0b1K/

Score

10^/10

rat e14e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

e14e

Decoy

bekamwanitajogja.com

dysae21.xyz

warehouse-top-jobs.today

h53h.com

fertility.builders

coincallpro.com

gdlinternational.sale

r3hews.shop

sg199.com

whitehillmemorials.com

nadadedor.com

pamphletbox.com

4dsmartglass.com

avaluxuryliving.com

fatdog.club

insightinvention.com

exmigraine.com

bridxo.xyz

wy6zbsa.xyz

jithinvijay.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2764-67-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2764-67-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB