formbook | 2944-66-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2944-66-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

871553b425107d05f1bac14a61b99072
SHA1

741715cf3064ac6554e6e7298da515868d713a2e
SHA256

eb2ac3c91c4dd00c9f1c810cbb43b56840c9ef6fc6c854227fb6dc90ad3055b0
SHA512

0f68e10c88f1bd6abb1ed3bfc963a8e32f561836c827973765d017be479467d16cfd4ecebcfe69f654ef82351760a9779bc1f4bf087f44d2fd402f834d624f88
SSDEEP

3072:x5zaEFUt41CWSZ30y/YGD5c7KckD8dJBd0eXs+O8igSerxvoj7/C:xnYF0AYC5c7Kf8zHXs0vAjjC

Score

10^/10

rat d13a formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

d13a

Decoy

isapoinmen.com

eonetoonesch.com

sd9whb.cfd

toyota89hungyen.com

memorypower.xyz

davidglylg.icu

broken-heartedman.com

jenrner.com

driverqf.com

holisticbizmarketingagency.com

cgdown.shop

medicaldiagnosisai.com

lotssee.sbs

mathiseninvesting.com

lakecliffliving.com

tld88.com

adsxm.com

ycgwkbjd.cfd

ssiip.com

alterna-school.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2944-66-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2944-66-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB