formbook | 2808-18-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2808-18-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

c58b7a2332d77141664d878c067a41ef
SHA1

d834e0d8db2ad9d908a058d9e10447cba17b6d70
SHA256

22fb391957583489a5ec92abea4e87717f05ba3cb2cbde407c930bff37668125
SHA512

3435a8673d6a5e350b44aeaaad2065cc98d68936f431a04f93d934ae601fb9712e88614acbd9d5b02282227943a6f4957de49110a7a3748479a5b39ed149c4a7
SSDEEP

3072:Fh5MEfXo5Fwd38wi8kHaJ47Nxp00CABkW+ALRYpnz:FxFR8b8QaJ47jp0BGkW+f

Score

10^/10

rat gy14 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

gy14

Decoy

mavbam.com

theanhedonia.com

budgetnurseries.com

buflitr.com

alqamarhotel.com

2660348.top

123bu6.shop

v72999.com

yzyz841.xyz

247fracing.com

naples.beauty

twinklethrive.com

loscaseros.com

creditspisatylegko.site

sgyy3ej2dgwesb5.com

ufocafe.net

techn9nehollywoodundead.com

truedatalab.com

alterdpxlmarketing.com

harborspringsfire.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2808-18-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2808-18-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB