formbook | 2552-110-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2552-110-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

b60f75530602d7deab3591e05edbe1dd
SHA1

0aa46e81791e63292224cf8cce05a41d24383b4c
SHA256

fae82df087b746da925a059ed983ee8a3cd6d17d08187a03cd33b00b407e96af
SHA512

478729a886eac75de382d56bfc4bbafc1ecaed65f8605d4c45cccabaea0ba31e34062520b265fe7c9ac5240dcc085290ea0910e8e49dcc37467b6ed8dd86b0b5
SSDEEP

3072:qNH7kKA75xgk83YwtIMfdG6TnE74eVcTj7D4I0DYV:fryYI7M6TnEEVv7EDYV

Score

10^/10

rat he09 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

he09

Decoy

clhear.com

maythunguyen.com

xiongmaoaijia.com

kembangzadsloh.xyz

speedwagner.com

360bedroom.com

campereurorg.top

cwxg2.site

mcdlibre.live

globigprimecompanylimited.com

1707102023-stripe.com

xhfj5.site

mugiwaranousopp.xyz

texmasco.com

sc9999.net

lite.team

8xb898.com

cibecuetowing.top

mgplatinemlak.xyz

southwestharborkeyword.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2552-110-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2552-110-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB