formbook | 2792-69-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2792-69-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

939ab11d848513c6bfc3187acd018fcb
SHA1

5f5d7a512c8e0770416aadace143bd0a38d13b83
SHA256

fd95e5234fecd3865ca3a89cb048f8d04cdee58cc5370636a9d56d69c0d7212f
SHA512

0ba4d34958968ab8b8af0488f4e01b3150a89c34670c98bef704d774390a5f575ba9556af94be38725aed0beee0cf22c2eb253d7e5e53a81bffbed140dc0febd
SSDEEP

3072:IgRMkphV3LmOF3x4SMj6/9KwR2N0GYrOKcTfifs08iOUOLRQMQDWPG:DhlpxnLFKwR2N02q2HLRQLWP

Score

10^/10

rat f62z formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

f62z

Decoy

fashionistawholesalers.com

thesunbird.africa

itv-smart.com

529264.com

allballrealty.com

dontjabonme.com

wembleyparking.co.uk

111888u.xyz

the-oakwood.co.uk

blueskyathletic.com

indiansignal.site

appliances-mart.com

laconjuncion.com

pyvob.xyz

xuongkhopthaomoc989.click

feimwh.com

gostevoidom-gemchugina.ru

cysjpi.com

alaiawrenboutique.com

euwomen.ngo

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2792-69-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2792-69-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB