formbook | 2964-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2964-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

263fe2569bd9accb936e50d4e5f04dc1
SHA1

7a009fcf5658022921b75b47e32ffea62b9d1242
SHA256

d60008522a1f42a360d62375309742f9a42ea7a80e905910f6e135b1648fb771
SHA512

b2f484e6959d82945746ec031509df0bc6424a89057fa0495637a69d14349a7131982e8a1e4a4d9bcc72b489097990cac1b03c857d89b18712c57024740fe181
SSDEEP

3072:D5gqyE9q4YKmvvm3FStOqHKT5B455nspxzz3qQnKYmONlQcEVHappAXWimD:FzkQF2pK9B45ZqbBXQc6aAWf

Score

10^/10

rat rc11 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rc11

Decoy

makemoneywithkalyn.com

embanks.online

hustlewithheather.net

firmdev.net

tmjservices.online

5gpp4.xyz

youtubereelsdownload.com

qdhengwang.com

169318.com

alphastarweddingvideos.com

leyelizworld.com

brewedburn.com

tinkerchem.com

ndtkw.com

tronzadoragroup.com

formaciondocendo.net

nirwanaai.com

mbadevelopment.online

talkswdrick.com

frora-gift.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2964-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2964-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB