formbook | 4272-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

4272-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

6361e7f49a93a58e27bd33fee3f68190
SHA1

91d15791401040e7df6609fd20087515d62fc25a
SHA256

2cfda157e3b622484f3d4fa35cf3db4db410fa383ba31b90f9870fe1e04960e8
SHA512

a03027dc26daf26111a50146029d004e3baf857e17c5fd4175e2aedbff69dee00cca0caa5e7351a8011f3427214803f443ca28d42a9bc5bd8b06ad4451235f62
SSDEEP

3072:70n4Eh61HXrd3V2s/WKq2pdJ28evCTeOYfMVMcrfN5Dm2:8eRVrDq2pdJ28eaKJfVcrF5q2

Score

10^/10

rat ot8s formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ot8s

Decoy

snrnnc.top

meta-stocktraders.com

btsmo.xyz

slotsgoldenflare.com

ljkghjf.com

kichi.space

3645115.xyz

mostbet-wav8.xyz

chatgrouplinks.com

kingdombusinessfunnels.com

6887088.win

csdgjf.com

33lode88.vip

nwholdinggroups.com

panwhorasbox.com

muriot.com

simafilm.com

xcj005.top

495372.com

zheki444pay.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4272-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

4272-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB