formbook | 1936-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1936-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

9a304d4eda81f8adcd7a454d433771b0
SHA1

b3cd7dd2c0f9131a431abfd7e8f562e54e73d988
SHA256

461ef584eeebff6ea00a1ac13950619d1b73c3d0e6fa79510832f6a49c1dc84f
SHA512

f2b3ee0eacd8f24ee03733141650d4a17fe209e343bbabdc32882cf48b30c99ebcfbe6458c07dca9139a627035938e381c6e109f95a9c24b511f6ebbb3add866
SSDEEP

3072:iTOh9kRIuM2FNN3ddrczNqYM938YaBKeptYu5Cjf6gyFCCaP:nKRBdByqYM938/swYjf6nECa

Score

10^/10

rat sa12 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sa12

Decoy

retainmyexcellent.com

presentescomamor.com

tractors-29304.bond

schule-der-hippologie.com

flyoe.shop

monolithtf.com

sparksvideo.com

gotasexysecret.com

wildthing-wooddesign.com

nursesgino.com

ahapodcast.com

solarpowerpanel01.space

wb-education.space

harshasirimanna.com

slotmachinesonline3.fun

ygarments.com

kreads.com

suspended-host.com

888fo.live

adorabletool.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1936-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1936-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB