formbook | 1712-4-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1712-4-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

147474dec7a5702328d4ce3977b6fa6f
SHA1

0be17959a454e71775af10bfee698425ced9d11f
SHA256

cb30d9786ea7f25eca91760469cddf70c75950163d0596110b6b8cc15a189559
SHA512

84dd4d4ac541201c21b1442230fc266d81f4dde7758f13fccb05ce776f51b69bf9aa55d6507c9fb1db43697c46e08e7788715dad3a33c4875332a8721d46bb57
SSDEEP

3072:E7ryVklfnl56/3FrfNQmsF6V2WKC2DwFo88l21+BVbRMJ:KO/F72J6V2WKCmZkgX9MJ

Score

10^/10

rat gb84 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gb84

Decoy

ingbd.link

extrakerr.online

ssongg2238.cfd

b0dfwnbfurpbvcd.top

thepawfecttreatbox.com

nrnge.com

detian56.com

bonnieslip.com

hirepaulfleming.com

connectopia.dev

kk295823g.com

notificcf.space

only-copters.com

hookedtoken.top

hpv-faq.com

milliondollarcreditline.com

digital9158.com

871rg.vip

www72382b.com

coachmarkgottfried.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1712-4-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1712-4-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB