formbook | 2904-12-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2904-12-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

76023af7621fb4d5d611452102d14ee2
SHA1

4738ca8c8e77b1a72b50cec6d27227398233749b
SHA256

d8e815248b376a58b4db509d14a2ce2b05afcfe0392af5510b05131627bad899
SHA512

ff0104bc4eab9eb8714532823d97a08116eefc012b4cdbb4b69cecce1aa73aaf1fe287bc8d3d8543219b118b7c5baa6bc9afb7874e6c2b2b079c26ce1ad914d6
SSDEEP

3072:vyywkMnWhzmc3GX6qiqj9llXQ9MEzyhMObKXKbfNdIjzpPZOj49swN:yXSGq/qj9llXQ9O2ObxbfNd0zpPZOj4R

Score

10^/10

rat ki21 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ki21

Decoy

nikonz9.com

piazzadelcondominio.cloud

stylistandcojewelry.com

watchingmovie79.store

dontpanic.solutions

cy888.xyz

pediatricdentalassoc.com

mg2selot7.us

gotireja.com

valdez.cloud

burgoontowing.top

void89.site

yoicok.online

rjinfo.xyz

omgwin7.online

pineislandhouseforsale.com

squidgamehalf.com

cpphgroup.com

kitahoki.pro

greenfieldnetworkinvest.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2904-12-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2904-12-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB