formbook | 2528-25-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2528-25-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

dd4644f3636a048a16ddf3830c27c901
SHA1

0dc5189173b6bb58fcdc74e16a54333ff08bcdb2
SHA256

abb485416faa057fd2796933c201d811a6157da22c92d8e10b049c356da0a6cc
SHA512

fe4f84ae63908812484f85fcd9fc9de43e246d4d20cd70664b09e198b3c165e1e3261309f7509d2e62750fbae9427fd0289f4445b460a4c3a860f52787115d67
SSDEEP

3072:qigzDGFrJQbCWLmqbZ7V3WN1HVTo8FvZjooylxcxFe9Hey/WOEyyH3dhv:MD+QKi7V3WPThZjooUx34Ssx3dhv

Score

10^/10

rat r65e formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

r65e

Decoy

cgoxzsep4.com

browser-privacy.xyz

ganjatr.com

generativebreakup.shop

rhoheritage.com

theriprapcompany.com

520baobao.com

theroomdividers.services

justfind.info

88av552.top

myhywea.info

oe9-kumamoto.xyz

awves.skin

hntv9037.top

velscleaningservices.com

hjjkk89.xyz

acessonlinenetbrdia.site

programmerxx.com

openai-clone.com

xn--xysu5cre277avz6d8ud.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2528-25-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2528-25-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB