formbook | 536-48-0x0000000000400000-0x0000000001400000-memory[.]dmp

General

Target

536-48-0x0000000000400000-0x0000000001400000-memory.dmp
Size

16.0MB
MD5

0954b2a539346f9e964900f2b52ea1e7
SHA1

6552dd9b76ef24e8c76c3977be9d7d3a55efeb4e
SHA256

643a63fdbe15a153e3fce2b9cbe9febbbbb4a8ea91711d7cfb702a1027505b48
SHA512

f46edc7a35b563e2ec3fd73535cde99e985dd6ef2832c355f549c29d8a61f07e6d8f07ab18041aa08ae8bddeccc17e4208745b56fac303982312bc6cc6d4293b
SSDEEP

6144:4F6u7r5VJU+9D1WiZMCSczWuXlF6u7r5VJU+9D1WiZMCSczWuXiLvClzj:5u7F3DZMFMXWu7F3DZMFMXiLvwj

Score

10^/10

rat ur25 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ur25

Decoy

discountstoreonline.store

profitwavemastery.com

cvqqrc9j.top

easyhub.xyz

dynamicelevateemporium.online

hlcapp.com

jayanamachine.com

agyaie.com

rentthecostume.net

jvjjdjsf.top

ratce.xyz

pensoupecas.com

nnc375.xyz

beingfrankwithcash.com

simplysoaps.store

jugouqduj.top

rampageoriginal.com

tigglywinks.com

stillnightjohns.fun

exchadom002.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
536-48-0x0000000000400000-0x0000000001400000-memory.dmp

Files

536-48-0x0000000000400000-0x0000000001400000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB