formbook | 3236-145-0x0000000000400000-0x00000000005E4000-memory[.]dmp

General

Target

3236-145-0x0000000000400000-0x00000000005E4000-memory.dmp
Size

1.9MB
MD5

e0c824120ac91740ec11e41fb61e9598
SHA1

afd07e17755b85fc9b0612d0938a1e019afd913f
SHA256

62b0ddb89ef5cd83dd12201cd2bbd94d147c157d8d61a952cdac7f427bb75010
SHA512

20c10a4dff75f381b8d19116a2d7c1222f69ba3de5eae92a8041fc800c1002c6c2449191fc2e32f38f24db4666341586f11a8ba86726832a912cc656a0e57574
SSDEEP

3072:89va1+x/9dndxVQ68EReGh6DKNOkOvul4xvJBNHOBGQA:o/9lVR8Yh6D8OkOvukBHOBU

Score

10^/10

rat cg86 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cg86

Decoy

cerapoxy.net

ultradronexi.com

beshealtahub.shop

showmethetee.com

bixtrack.com

yunosave.site

rtppedro77.com

vxscnb.cfd

joshtalkhindi.com

sarma.dev

valuationauto.com

bankruptcymindebitfaster.store

zingymart.store

w8vip.net

munch-o-las.com

evolvewithsarahcoaching.com

hgygfrr.store

y6732cn.cfd

steancomunnyty.online

huz7r4a6so.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3236-145-0x0000000000400000-0x00000000005E4000-memory.dmp

Files

3236-145-0x0000000000400000-0x00000000005E4000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB