formbook | 2152-1145-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2152-1145-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

78ec7e2e21936209cf2e276dac99619b
SHA1

dc7d57ab53eddc14c5cbff6d8e441ff8ade8c0a6
SHA256

74d0fc95dc22cb11c76464a6b7acb1f27f1a9d046ea17b048baa37b8e27282d0
SHA512

faca8107a4c55ea9b3b4c68fd99aade92ef4d67df9aba3a1ab7ebdfa01fe96af8f2e9705af1f3a57d15e041cbca86a27113a6647e34099ccaf5ca88f0c2e1a70
SSDEEP

3072:e7DEkhvfxMJQ3MN1RhK7PAZQW8NzODXF3AGQiokR+pF:U8eMfLK7PAZahi6

Score

10^/10

rat pc29 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pc29

Decoy

jumies.com

pensionloans.college

3fe3buzz.com

tommytuesday.com

healthly.digital

ratemyprofessory.com

wwfwinter.com

ndmmx.fun

xlgjjk.com

linkednconnecta.shop

dino99.ink

windalla.com

carislot4.xyz

utotemfoodstore.com

8w2xka2q.click

tsfa.ink

journey.style

yipinxianzhu.com

rodwede.com

contreras.studio

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2152-1145-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2152-1145-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB