formbook | 2200-64-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2200-64-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

739858cf1d2e159ae331f84b2bab45d7
SHA1

74cc5adc69751777c51910e02c4075afaa742731
SHA256

ab894f21f01f17ff4044b7c15f70792295861f6a39ce7b98dbb5522aefd382e3
SHA512

1f2c427d07d67c38be80e60ceb2c311a5b207b0e85dd41fb832c76d0f20c376e21b929c464cee9ef2ed35c50c891795160277bb4c70cdf5ac34e25a4d17374b8
SSDEEP

3072:rTJ1E+AJ2AAy3yjlZ0SXlmaYHRMdDTK7SjLBtOVy1jPtfZE:rPzkyZZlQaYHRMtESZttE

Score

10^/10

rat mh21 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mh21

Decoy

qiandaye.top

zltgw.com

getxgp.link

forest-create.site

parsefilm.com

foodstore.top

reynoldsquality.com

tripleshops.com

altuwaijrifood.com

seniorassistedlivinglocator.com

essencedelanature.com

hrwv098.xyz

olkja.xyz

10685johansen.com

ajidenhp.com

sensifiedregistration.com

timetodatings.life

bizbet-review-pt.com

zhangming.asia

xn--vhq074eeozsda.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2200-64-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2200-64-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB