formbook | 2012-48-0x0000000002AC0000-0x0000000003AC0000-memory[.]dmp

General

Target

2012-48-0x0000000002AC0000-0x0000000003AC0000-memory.dmp
Size

16.0MB
MD5

059a57af3fffa6afb00b49a49f7b9026
SHA1

b5789888a933a67bf7b2cd14b0d714d8c63aa123
SHA256

dddc899a90cfe2bee23cafd8850b77d8f2bd3cc1dd4eeb49ed5549491ef201f5
SHA512

ce6ff3548aa9653721804c82f5bff5efdcfc8751a03ad4b304a44270eec00ff8cc830d3621ceb55c94b42a84576c1d9087f01a90fcce5c735c2e81f6b460a61e
SSDEEP

6144:tMSAgdGQ+ya6toYmE5LCe8knWOEWrUnl:tWQ+y5egj/HQ

Score

10^/10

rat go04 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

go04

Decoy

healthinsurance-update.com

weaverhaim.site

ssk.lat

madnerbarie.com

kaseventures.com

bemypartner.xyz

go7558.com

guomibangong.com

sadvakfi.com

tek3on.com

v5111333.com

redatnight.band

dom-za-starije.com

faculdadedomontador.com

inexhomebuildersllc.com

schaeferautoinc.com

koiocolombia.com

168sheng.com

717fifthavenyc.com

xt8.lat

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2012-48-0x0000000002AC0000-0x0000000003AC0000-memory.dmp

Files

2012-48-0x0000000002AC0000-0x0000000003AC0000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB