General

  • Target

    2484-12-0x0000000000400000-0x000000000042F000-memory.dmp

  • Size

    188KB

  • MD5

    9a4649b70151223e7878bb30dcd2f021

  • SHA1

    cd912b1fc5ba7bab1cb5938b9d0365dc58d81890

  • SHA256

    bbc2af85143bf98c63def3bba9e95dfb5e1a2f82125dd26ac3800efecc9304f1

  • SHA512

    cde2667981dfb3afe0f9e07a71d1ff52b5ac38de90c0012158c3f924dfdd314f6a6401e19287421805520f003ba9ecfc573e36bcf1919a1b8c1853052d7b474b

  • SSDEEP

    3072:k4dWk9ilyVqxc3VcqBeHjFDr9uWaFCR5Q53f1irdudH4WS6VVspw:hwSVLsHRDr9uWagR5eP1aK4P6e

Score
10/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ls02

Decoy

Signatures

  • Formbook family
  • Formbook payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2484-12-0x0000000000400000-0x000000000042F000-memory.dmp
    .exe windows:5 windows x86

