formbook | 2604-13-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2604-13-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

6f6ebaae569881df8c077b6c72c361e7
SHA1

1be5cb394fed9732c17fee45486cdfaa3392c2f1
SHA256

c4415a5505dabd9ecd53d05f8af48b03106aed45b5accb7c1f10dd9855e5a72c
SHA512

0ba4d43229512efc09bf1156f553fd554376aed46f02dc60a9b3ab848181b33f8bbfa81a98f4c51fc5df1dc275a99bfb07aa2c633b9b2a87a2fa96593981220f
SSDEEP

3072:d0pE1jao/wruV338ZsqtdK+XyJk0hRHhnQyb8MBNzK5Qgm0t:TaL8H8mqHK+XyVFNoQp0t

Score

10^/10

rat vl53 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vl53

Decoy

bushypussypi.com

alzentori.com

pearlmassagecentre.com

zag6.com

workadumail.com

ferreelectricosdaniel.com

takethislolypopo.com

maylanicornier.com

nptstudio.com

dunasgolf.com

guangshangjituan.com

cj6p.lat

camloi.xyz

goldcoastkayakfishing.com

hiasannatal.site

safesnipper.com

adamssecurities.com

productizewithmalu.com

oral-nursing.online

adultproducts.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2604-13-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2604-13-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB