formbook | 2556-20-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2556-20-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

2cccfb5c55a88f215f85f7f0190d46c2
SHA1

2ce271387a780a09dc038069cc2592166177ba14
SHA256

b8501da70292e4b223b1e6329af5c9e8c93d9b5ab359c95cb0cc072d9386b46e
SHA512

6fb12fb4f7f0656644b86b7f76853620052842dcbd70869d87da3b6f642faa0aa3dc7f7871423de3450a5459f827a5ed3faca27ff497cad05cad1cc64c20bfa4
SSDEEP

3072:HUG7eExkfRlrpy3pPlCRsp6rp/LjqszIsoCAvn7J9XzBo6H:bktkptCU6N/LjDyCAjJ9XzBo

Score

10^/10

rat g11y formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g11y

Decoy

casino-app.cloud

get-tplink.com

thehighimpactdj.com

battle-blizzard.com

15362cn.com

bites.solutions

toricollinsdance.com

hinglawpc.online

apieasyjetconnect.xyz

pgslot6th.pro

66lode88.top

tvzr0zuz.gay

pdfebooks16.com

tryradiantrose.com

physiolifeharidwar.com

hyywe99.top

mcarealstate.com

nocodepony.com

1948group-leo.xyz

mayensguide.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2556-20-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2556-20-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB