formbook | 424-8-0x0000000004A90000-0x0000000005A90000-memory[.]dmp

General

Target

424-8-0x0000000004A90000-0x0000000005A90000-memory.dmp
Size

16.0MB
MD5

ba9a276d76eabb738156e38cbdb3d985
SHA1

48ee8ba58eb19baac610b3e255e6ec5b0a676583
SHA256

c856cefbb3ccfeba5473647682ed522dc79d3c23175b53c2ff807c1a8ce72b71
SHA512

15ed16b1a0c2c6576aa0ed4a602fa45760016903cf96875cf9b62870348828eb29ba615e033ee2d9e0997c52ca2d91901f9d9036807dcd16376d283499fdc101
SSDEEP

3072:JEHxMFxehbUGWpVxlR+crESRaVK0Y77E/G+6LTXdUZSCJ:+UpVztrESRaVi77wyjcS

Score

10^/10

rat n7ak formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

n7ak

Decoy

wise-transfer.info

jam-nins.com

thebestsocialcrm.com

majomeow222.com

ancientshadowguilt.space

gentleman-china.com

parquemermoz.store

taxuw.com

sharqiyapaints.com

libraryofkath.com

1949wan.com

synqr.net

bitchessgirls.com

btonu.cfd

coding-bootcamps-16314.com

leadership22-tdh.site

maximsboutique.com

irishsummertruffles.com

sdnaqianchuan.com

uyews.xyz

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
424-8-0x0000000004A90000-0x0000000005A90000-memory.dmp

Files

424-8-0x0000000004A90000-0x0000000005A90000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB