formbook | 2400-13-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2400-13-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

e8427db18d20007d5bd1c23612e0afec
SHA1

9e1cba825086eba2c6eb8b6c39c504abc6a365be
SHA256

5707450be210c6313f51f5ff9d8b962a08315c6b8717f0cf0c4afeffa974c88b
SHA512

f185d5a2d90fbdbc1445ba3bffdaeade34fa89c6a9a419cd2c1499cf4fced214d622cf314481f5638a0caec5ec7edd8ce7220fdf3c284b47c7606acd29152c16
SSDEEP

3072:aESuk3Q242kC6932a09YDMB7fLhbFwrF0P9c2fdbylAPtDR:yox2zVRfLdFwrWPTxyaPH

Score

10^/10

rat ui23 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ui23

Decoy

the12steps4successinlife.com

gwengoolie.net

veriko.shop

jenniferwrightmerr.com

luo56134871.site

beattechniqueteambuilding.com

melaninoverdose.store

punatraffic.com

calcium2049.pro

hunter85.com

weareiqmed.com

girlsmechanicteam.com

merchartfulsculptures.com

uniqueantiqueshopuk.com

8d6ce9pg6qi.asia

truthsunveiled.net

bestarthritiscream.shop

vocabularybot.com

c956.top

towncreek.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2400-13-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2400-13-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB