formbook | 2720-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2720-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

f04afa30ba780da30e5ac37d91b3d7c8
SHA1

8a8ad4f46eaa974e2c14d8498db729369bc885c7
SHA256

73db6180a2c82506fc9a56eafd9dbfe4e501814ce1a8841411476a52758d9599
SHA512

f6519121948422ca5229544c9d85b688e6c1cfee962e6c863d880feb80b60af9f4b76097bc082daf5c1f58ef27d230941b8e17ea1319568c50c87c9e4bc6d658
SSDEEP

3072:XTO2ktHDh2eXWdZ37z/4+7Oc+JKkE/P+3ufB2AFH6kJ5vwe7KlEjN:wDuF7T4+7SKkE/Pw/Al60KaN

Score

10^/10

rat ge58 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge58

Decoy

squibbs10year.com

merchallqualitystorecenter.com

avylw.com

chubbysamericangrill.com

passionforfashionbyshivani.com

bergfors.email

hearing-tests-30868.bond

seattleaminals.net

gbxibeb.com

mhbalancenow.com

goliathhomesgroup.com

paradigmayazilim.com

esgaspol.com

qzoneqyt.shop

aieibook.com

best-rudderstack.life

cpd888.com

231564515.top

fairytailfigures.online

smartmarketadmin.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2720-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2720-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB