formbook | 2904-61-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2904-61-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

08c85f6c46fa379b5d384995aa620ae7
SHA1

4dbddd37af3a125724839757e0c789fbebe7a76b
SHA256

5f9500dd5c0cdf34717510f7bd408401adb0df6daece9e112ce3d60500f9ad48
SHA512

02a7056869a48b6811c05ada15b62482e70c13ac489e7a645ff8852d1705ec24d5572f87671f1d41014c5c7bafd08cc4652bb91a329a77df84cb711122894d51
SSDEEP

3072:dhGO6kjN4q3u1C31zYFPjaEsmi8pmYZZvbN/AYSXUoEzI:JX/c01UVjaEsmSIvbayI

Score

10^/10

rat k13s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k13s

Decoy

runbe.fun

factrip.com

zalenterprises.net

yoyufoods.com

soniakmahajan.com

jdfdht.site

provenimpact.net

hotelsmadridairport.com

avondalemclarenparts.com

champagnepelissot.com

dqnshtvn.click

barbarahensonrealestate.com

jrys117.top

amb168g.pro

zionsystem.live

highcaliberhusbands.com

dsc-marketing.com

outlemax.com

legalloanmaster.com

sky71.link

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2904-61-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2904-61-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB