formbook | 600-43-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

600-43-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

95feb76849226ff781c7387278210fa0
SHA1

dd30fe845a5dfbe7136b6d6d8815c5a6cb6202a9
SHA256

8c2293b8e8e1380a68ff68bda0fe17a1b71d44db7f5a8dd59cda009843ac0455
SHA512

a1ad757eb6aa6c7e123f0178bf97b88a2c503f84205fb95aee7c4f8637c705a3ea47579c304ffb8c3ae4818e7f8c7b66942b14e097f879df5d54d2f955d55282
SSDEEP

3072:g2LWzsrFrFaY+UAX1POTdfzjyPSQqrMkpFrzTXUr3hJKCM52zoaf4HPAawYvqv2V:gzsLaX1Udf3yXqrRpFr+x4f52z34HUYd

Score

10^/10

rat t2ti formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

t2ti

Decoy

j6y.lat

kindlekidz.com

studio352events.com

merelweb.com

6061k.vip

iuk242.com

tiltedjava.net

importmotorshickory.com

codinnotech.com

foodapartcupboardscript.click

donovanmanuel.store

michealwilshire.online

clawenterprises.net

spacecargo.net

duadqps.com

allamericanshuttlellc.com

shucaimh.com

qivovrj.com

infynite1.net

albertcolet.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
600-43-0x0000000000400000-0x000000000042F000-memory.dmp

Files

600-43-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB