General

  • Target

    2960-13-0x0000000000400000-0x000000000042F000-memory.dmp

  • Size

    188KB

  • MD5

    31d2c94eab1f8c5caaf370a5efaa9e65

  • SHA1

    e5cdd28c843cabe6c9c54fa1f20ded509d12df9e

  • SHA256

    9b419d888ddd2357d9b51c1730b52c3f9e814223a54f4c2c7cef26c96c655908

  • SHA512

    228f1bc14e98628dec2eb1f1afab4269ba71fb479d01e9e910e705e26260d8a01aa36e7196c0186075949730f820f4cfcc3eee608b6caedcdd2dec77317ed6c0

  • SSDEEP

    3072:sJUtekPc4YyTWQR3HLgp9KOGTD8YZ4Rsfg8zw4T/z8I6uKQ6h+7GD:sMdNHMXKOGTozSfgy/z8IDNECGD

Score
10/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gg62

Decoy

refrigerators-pk.today

jajifi.fun

fivonworld.com

rangbangs.com

server-dell.com

jefevirtual.com

jobode.info

grindhardgarage.com

gaoxiba168.com

thekotturfund.com

taberla.com

santorinieshop.com

ajptqqex.click

johnjaen.com

innovantdev.com

mjofvsea2.com

yun0796.com

rokovoko.nexus

tuabogado.gratis

jqinnovation.online

Signatures

  • Formbook family
  • Formbook payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2960-13-0x0000000000400000-0x000000000042F000-memory.dmp
    .exe windows x86


    Headers

    Sections