formbook | 2528-21-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2528-21-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

82aca4b4b9ff5224c31b597f447d1fe3
SHA1

019b5d6ef083812ebf8ff510f497b8229edd58ee
SHA256

e8158ea595ee89489f07ac6fae4f6c4da1d3952284cfe52930c79424484c729d
SHA512

078fb017da22ca3fde04e1b0ee4c69f6a42ebaf7626e818090692526740aef81f106e38a61aa53a2873f463ae238ab1b5ef7e4af6ea3c3589264da2a1e5ec646
SSDEEP

3072:WupykFUcvw98zcz7jZRB2nttanU5qnC/6FtIdx6cUgGZzE5OT:nK7ny3aU5qngd8dgGZzE5OT

Score

10^/10

rat m0d5 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m0d5

Decoy

thedaintydesign.com

floramiracle.com

k-runimport.com

aquafoodsupply.com

smultipleslogistics.com

althard.com

nicklawsoncreative.com

mting.link

salvadorsdream.com

vijmas.xyz

thornspeakers.com

dsales-academy.com

yesquw.xyz

shosjhdj.sbs

erasmusplusprojects.com

infinity506.com

lojaalphaelite.com

pixelmagicpath.top

primeshiftemporium.site

hssk1k4y.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2528-21-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2528-21-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB