formbook | 2840-15-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2840-15-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

0ecc90849a751084c2790d99d6bfb45e
SHA1

1f6b46c5ea23840ac1081edc1e8521e541087e2e
SHA256

effbc0872966bc911e077aaa3bb1491f4e3510506bd73cbb68b7e893b47bdfac
SHA512

3f10106467a0d76acdb6e2e42c4dedc610a2b04932b9e9997a52ab138c52627fa15b6317096e07cb56526497e42fa703272a6b713dfe2f839749a0f74a40c572
SSDEEP

3072:NApmE4YjH9AWo32sISn6ROLlDs7WpMV82YHpOkDEXOTwfeqSl:K/m25W6ROLlDsXFYHpOkDuu

Score

10^/10

rat ar39 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ar39

Decoy

dwkqdgcc.click

invisiblealigners.online

addsitenow.net

grupomld.net

customerportalauth.com

54321mall.com

hiabt.click

campexplorermart.com

ibxykavv.click

konpetmoon.com

openalphasystems.com

iran-protests.com

mipanzuzuzu47.click

winyou.net

secretgardenbuys.com

farusiamoiww.xyz

thevosedigital.com

citystategroup.com

411.chat

johnjpnhill.shop

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2840-15-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2840-15-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB