formbook | 2524-13-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2524-13-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

c87618283cbaa25c9e18f476a7153147
SHA1

1dd6a3f4b1db1d226a8e1544b2a5d399b8b9b48d
SHA256

ba9c1b027708a69f0aa8307e6cdd1e8a112501791b79a21d65136611d19d1c61
SHA512

da2be1aaf223aeb3ae7c8075fa75a3b7d2135884c861b5e8e0a1a13447ddee6023e7a0877f9923055ef0af0b77e9da11e0c236d391a790798b74e078ac636978
SSDEEP

3072:Ee1FjkIMF7SjbSsx3k4g/4KECcWOCBao3USpgJP32DmBQcp:EvLMkNAKECcWrAB7Km

Score

10^/10

rat uh23 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

uh23

Decoy

hanaleikeyword.top

fai.ovh

jan8.site

golcondatowing.top

clearchoiceafh.net

qinglvzhuang8.com

luxurywatches.cat

katoonishop.com

kw2jm9er.shop

prodctionlaser.com

teachertransitionjobboard.com

qzlr6.site

kabir.tech

hnxuefengyuan.com

abc386.site

ra-myportfolio.com

bowanghg.com

disoklahoma.com

jordenshoots.com

imobje.space

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2524-13-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2524-13-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB