formbook | 2828-13-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2828-13-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

2662e7e8f71925ac054a4aeb63afa7b5
SHA1

1db77f2961385d45deb45f573ac7bbfaa57429a0
SHA256

2657c51f64966de6933b5284d3575eee18b493f6f48f096908243df695ce3260
SHA512

55538881e0a969e853cc834dc8dcc6c8bbaf352940e5e185b1ef2d47b1c76923eb374a90ef8415a26b236c39eed3c2f892db4a378ce0a289868fffd286b6ec2f
SSDEEP

3072:dgSsHkVi7vvnal3DmHnCo36AT0yJ6Tcq90rfmNpl0AstFssaCOjVa:OmiaJD8D6AT0yXqYQ0H

Score

10^/10

rat cz30 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cz30

Decoy

6rka0.cyou

xbei.today

rajasakong88.com

huiwanzx.com

cfmcleaningservices.com

biztozz.com

ts8qxkb3j.sbs

kiwiest.com

junkfoodfilms.com

fan88t.net

satta-boss.com

rtpsensa15.fun

aeindesign.com

aqlu120.cyou

josiechow.com

fannieruth.com

smgct.com

tektotown.com

safelimouae.com

usesynch.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2828-13-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2828-13-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB