General

  • Target

    2716-12-0x0000000000400000-0x000000000042F000-memory.dmp

  • Size

    188KB

  • MD5

    b196db5ea64b6efcd996b95fe71e765a

  • SHA1

    2c53ad67dcba4684bb033d37e45fd2d14988a9c5

  • SHA256

    4498e7614edf09dd436a5d0f9cbd418ce22c081692c19887a7b822c2581aa15f

  • SHA512

    7047cb4eb1aca1f195843ae971b6ddd00f88e6ab84dfad2a36f8cd4382e1fa911ea95b55802cf598fdb8d719d33d3421642eee95f27a7c4239cdad69dcb90d5c

  • SSDEEP

    3072:HBZ1OEdXr1S2u3JwyJla89eMPU2bjkoSYh7CtB:D11VIJHva89eMPpSIu

Score
10/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g11y

Decoy


Signatures

  • Formbook family
  • Formbook payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2716-12-0x0000000000400000-0x000000000042F000-memory.dmp
    .exe windows:5 windows x86

