formbook | 2636-12-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2636-12-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

e4185788c83e877ab3a733d70f50e38f
SHA1

58759810ba141b134e3ad7e36e0e4bfe2feca20d
SHA256

1364ba8ba65bf88c38c7f8098ea71108ec129e274a893c044005b0e8b7e98d11
SHA512

4038e5959c64e7e4cd9cc0b4b6742dcdb5c5f443b6475ed13f78646a8edafb2cacc7a1ee76b4a8df45ad993f40767e10f49d18491d6d4eb005ad6d6f438e0454
SSDEEP

3072:QPnYE6t6K4U5AQ3xI14mKairBpB0fLdN0KqpGtp:DHAexw+ailpB0DnD

Score

10^/10

rat el28 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

el28

Decoy

didijeet.com

aurorashoppingloja.site

courtneyvu.online

boutcv.life

omarcastillo.autos

bytedelight.site

notorious.tech

tarikhpost.com

faithfuelledliving.com

hazsewsard.xyz

rhemataylor.com

grohomebuilding.com

fasxtor.xyz

jonaskinshop.online

gaganlambar.com

perarylegnally.com

bestfootballsource.com

dzyic.com

coinnewsnationquestspot.net

yoredenpazarim.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2636-12-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2636-12-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB