formbook | 916-239-0x0000000000400000-0x0000000001654000-memory[.]dmp

General

Target

916-239-0x0000000000400000-0x0000000001654000-memory.dmp
Size

18.3MB
MD5

e7ce76c0e2ed48ac7a0525601685f0e4
SHA1

683116667e149aae904c54d6f338e00c9a43912e
SHA256

7afd3977cacd7ca80c12d05ccc4c2dd342cbbb1a155a2c7a3735e42abe80a3eb
SHA512

e29f3316b4cab70771ab717743c7f86f92f3571813eae37eec7026e9459bff8cbc2c3f03e328348cecf064102a8fc697dd84cf931df9cd31d12569354a3b8488
SSDEEP

3072:iVI5uvkK1ADpj23yy4sxrcr4ba8lbzZ4XZ/H1NK7YlkDv+3q:in+gy7Jr4ba8lbz65H1N1W

Score

10^/10

rat ay62 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ay62

Decoy

huawei5400.com

stserviseplus.com

wallethardchecker.site

wwchoolboysvideo.com

buildsandcastles.com

madangelart.com

katinkaaromatherapy.com

logicalalerts.com

goleadcareerskillscoaching.biz

samlify.com

nassarbusiness.online

bs26.xyz

iphone168.net

foreigndjmixs.com

ikessecurityandlock.com

blacklaceportraiture.com

t-molargbile.com

boxoficeticketsales.com

bitrie.com

7hiddenvalley.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
916-239-0x0000000000400000-0x0000000001654000-memory.dmp

Files

916-239-0x0000000000400000-0x0000000001654000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 181KB - Virtual size: 180KB

.text
Size: 181KB - Virtual size: 180KB