formbook | 2424-10-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2424-10-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

a113f8bb4c8b0b93bf70c25e3c20b472
SHA1

be0e96afac1c243ab3619c0613944142a714cc2f
SHA256

a17791378c0c1c46f4fab254552190f25d28b6a6f44d0eab8570d811e0e9a471
SHA512

0d93385411520cbf5285b02da0aec41c58a611470f9e503bbfcdc92487a707ae532073f1ba46d5c44c091d6b2a2cac07324e2418e1b1bbe3fa514deabf8adbf3
SSDEEP

3072:H4HdEoiq8GQwA3hmXj4p3xaLTY4Dq+L/H2MT/DFmXuiNuxRIiLOj:zGOhsjiBaLTYY/WMzh2uiwui6j

Score

10^/10

rat sn26 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sn26

Decoy

resenha10.bet

gulshan-rajput.com

xbus.tech

z813my.cfd

wlxzjlny.cfd

auntengotiempo.com

canada-reservation.com

thegiftcompany.shop

esthersilveirapropiedades.com

1wapws.top

ymjblnvo.cfd

termokimik.net

kushiro-artist-school.com

bmmboo.com

caceresconstructionservices.com

kentuckywalkabout.com

bringyourcart.com

miamiwinetour.com

bobcatsocial.site

thirdmind.network

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2424-10-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2424-10-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB