formbook | 1212-114-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1212-114-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

7eeff27dc59b2adebd7d4ec070261299
SHA1

76ba5da31aaf88f6d6aea182bdbe67b86a742564
SHA256

0dcaa1f7eed9efdd47ef971981c060a8e3df2792b77dd1ba65cc61140e390b9a
SHA512

9cc8bdc68ff902ce19ba618a3659b6c8d061848cdeb5470aca12ffb357204d75af762e1178e57e50b99f976c4fda569cfedf187bd3b6f51bfad1c0515f1ec84f
SSDEEP

3072:89va1+x/9dndxVQ68EReGh6DKNOkOvul4xvJBNHOBGQA:o/9lVR8Yh6D8OkOvukBHOBU

Score

10^/10

rat cg86 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cg86

Decoy

cerapoxy.net

ultradronexi.com

beshealtahub.shop

showmethetee.com

bixtrack.com

yunosave.site

rtppedro77.com

vxscnb.cfd

joshtalkhindi.com

sarma.dev

valuationauto.com

bankruptcymindebitfaster.store

zingymart.store

w8vip.net

munch-o-las.com

evolvewithsarahcoaching.com

hgygfrr.store

y6732cn.cfd

steancomunnyty.online

huz7r4a6so.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1212-114-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1212-114-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB