formbook | 4584-12-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

4584-12-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

7ecf6f286db4f0299886ab0ea9ac050b
SHA1

96bde70051cf69902497e55720c4e361a6d3bc0d
SHA256

b1e262c28b8c7cdf225245f28a3676e89326c5a6b4c1d2e821bdbd7aa7d9c9d0
SHA512

0de1637f9a153cc36967f71b2d4b1c7669c362dd61befb639b57ef2275bc5cc3ee2b6382b1b9b694860146efa3798cc6de218298715d993b416d7553270ed00f
SSDEEP

3072:zXvleFrhL2PzzItXr60GSwX9p4agLR5imbIaO6drvNDyVKHjhaef:5y2e+0GfAagLRssXJxvNOoHtae

Score

10^/10

rat a9h3 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

a9h3

Decoy

yimbyco.com

goformyplanet.com

cylegeorgedesigns.com

scarmall.net

v4xs654y.asia

die-instandhalter.com

julietheimpatientartist.com

novoxvape.com

faireco.life

theoldcup.com

creehackapk.xyz

meineexperimentierseite.net

gdriyue.icu

sanmasan.com

zoomtrakfauci.com

youssion.com

ovrconfidence.com

kaapikadai.net

lhgs5.com

srgpatience.click

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4584-12-0x0000000000400000-0x000000000042F000-memory.dmp

Files

4584-12-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB