formbook | 2408-11-0x0000000004E20000-0x0000000004E4F000-memory[.]dmp

General

Target

2408-11-0x0000000004E20000-0x0000000004E4F000-memory.dmp
Size

188KB
MD5

3a9812c14b101f83dbcfa93e20f1b69f
SHA1

d56b820a51d52edc854aea7228ae805685843892
SHA256

d19317bfa79a1231e16dbb2afd77830fbc61700e49ffa18139dce2e1198ecda9
SHA512

2a1d66173bf230897fbe374cfb252232e2dcd9b7f46369db6c55cecbfbe188dc75239ffdbb4a95940807429ee0d53e0c11962c7785019919d2fea2c8fc1599df
SSDEEP

3072:/vduvFr3f8ETsN1Zmyjmy28z26IBO7MVydP6GcHRkbuYHEzqq:/89fIvzjmBx6iO7MId/cxkSY8

Score

10^/10

rat ao65 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ao65

Decoy

spins2023.pro

foodontario.com

jsnmz.com

canwealljustagree.com

shopthedivine.store

thelakahealth.com

kuis-raja-borong.website

hbqc2.com

optimusvisionlb.com

urdulatest.com

akhayarplus.com

info-antai-service.com

kermisbedrijfkramer.online

epansion.com

gxqingmeng.top

maltsky.net

ictwath.com

sharmafootcare.com

mycheese.net

portfoliotestkitchen.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2408-11-0x0000000004E20000-0x0000000004E4F000-memory.dmp

Files

2408-11-0x0000000004E20000-0x0000000004E4F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB