formbook | 2768-15-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2768-15-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

9da8b0d256ae0d74249fc245cd3e4841
SHA1

1025afdde51ff233af23d0456e344a57520ccfa6
SHA256

985df652f5a354cef0b85edd8fd0b0dccda8ed8e14e29815a8b2becb0c97d4df
SHA512

3041ebbced97d3dd9245943da14cba647cbc87e3a364b54cce4a3b9cb92bec515a160f091e4039873806b4989e238ccd8b3db4c63038bff88d79a9e7d46e5da9
SSDEEP

3072:gO5EBpjuMHSC533AJ2xKfx6iZVtTfYnefJgvqTZpr8UI9z3:SphHAI06iLtbfgv6TIz

Score

10^/10

rat cc73 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cc73

Decoy

viptop77.biz

sell-home-fast-for-cash.xyz

wjbwebsite.top

ceramic.house

anthologymotors.com

acctwiseconsulting.com

xn--bj4blri6mqqan64b.com

roguester.com

blavkimped.com

mostbet-wih8.xyz

biellacapital.com

jasonmoorehead.online

wolrdtenis.com

huahuiblog.com

jonniprince.com

gohanyo.com

l4-j2.pro

coinyeard.com

fh8019.com

iltorlonia.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2768-15-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2768-15-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB