formbook | 2300-14-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2300-14-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

57d6575c32b6bd53f3135cba79643eac
SHA1

6c54696f9dac46e65f758ce93186ada4209de4ce
SHA256

7d9193cbfc1e7f3911a4548362df8b90b9216de8480d81d5054b33e1e1870d18
SHA512

6cfb307f77df8b7cf6050d29028d97b338e59cd3a171874faabeb8f4f72f624d4986fe5375badcac3b3cc016bb5989e4c143df96c55346476a993b1720a6a91e
SSDEEP

3072:9qfEqfsc8mY3WioLDfrK0ZdGxHSAZJacYqDLV8:8NWWXLjrK0ZdwHS6YqvV8

Score

10^/10

rat k0p2 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

k0p2

Decoy

theluxurytraveljournal.com

skybet10.com

mountruqal.online

onlyones.xyz

kloea.top

studio7crochet.online

dhv9gmy.top

walkereld.com

script-shore.com

bwerger02.xyz

clempi.xyz

lishapanchal.com

imagemaza.com

ludu65.com

zenith-leadership.com

undertheradar.zone

802cm.top

budeny.com

piabellacasino338.com

eclipse-demolition.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2300-14-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2300-14-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB