formbook | 2168-13-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2168-13-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

02c5b5d225452857730f29a1d7975a2e
SHA1

21035f536352f4fa76bf5f9946deb039a994e07f
SHA256

f8f314b89149896d752894548e9b32150130e5b735189b11122660df6573a38f
SHA512

9f7fb02b5eb5ed5c6185c4c53de80efb8fe72ac9adfee0f5c31106a54bd2d64425049df32eaf660e4a16f42c41fca20f5e3c189ad666250c866d5148549555d4
SSDEEP

3072:/uPgT1k9dbu1TCYW/3zcePzp67Fe2A9emyhfISHlIDZSChVd:/3obQmznPd67Fez9emypBIVSyd

Score

10^/10

rat dz01 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dz01

Decoy

advisoros.com

harmonyhomeinteriorstx.net

nyhfqrqvxg.com

fugentrade.com

geasme.com

shopsolary.com

wildwasser.club

henryclarkandassociate.com

klodytb.xyz

jsjnbf.com

vivelosupport.com

dealflowrealestate.com

piabellacasino346.com

wdkilat.site

djpedrocruz.com

fmovies.coach

auroreal.com

1win-esw15.fun

hmdfxx.com

gems-spot.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2168-13-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2168-13-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB