formbook | 1960-27-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1960-27-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

7332f3e5a5e096151ccb47a7426a02f4
SHA1

0e6fb9b77d63e581192a4bf3afb1ecbb7e215a7d
SHA256

619d4bdaeb71c6656f953a739b6992c80a66aeeaa67ceaeb340ae9c3242bb35b
SHA512

7b0719970cdee80684b0f433629ee2ccb8cbd0b8f32cd75d3c73138559f6dd953f86ee292a4448fa4ef50fbfe3daeaf315c18210b52f1fb8e1811075603304df
SSDEEP

3072:8ct1e0aFAuTkeIQpFJkmPV8HeVD16sjkvZYPutXNmCxBgJ4ZY21c6w:8DJ1JkmN8HG6sjkxYgNAe166

Score

10^/10

rat t6tg formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t6tg

Decoy

dwolfgang.com

changeandcourse.com

sonexhospitallimited.com

izeera.com

7m9.lat

fem-studio.com

santocielostore.com

0xinxg7e50de2n7q2z.site

ssongg13026.cfd

promushealth.com

g7bety.com

molinoelvinculo.com

smallthingteamwork.world

zewagripro.shop

adam-automatik.com

raquelaranibar.com

aigeniusink.com

maddirazoki.com

nextino.app

verbenashungary.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1960-27-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1960-27-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB