formbook | 3140-9-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3140-9-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

cbc84f69606bb3170ae8ac3dfd25f9c1
SHA1

3f6dda08afe4f756f5573afdf9c099b026a0f039
SHA256

7d73e5bb30fda6a67b42806b908f156d5be42cebe57977a42cbb2a588e5f61a2
SHA512

5d9186eadfd37665e7000feef16d349e8007671074b6cb7848d8c8eaf06d8c70c442608707fb2b0e963c2b7bbcd17ba40a6e643bd3423752f476a6abd8aaa8bb
SSDEEP

3072:BCq7EHTtsE4xh3e21rNR6aZtTIe2o5lBpgcr8iNlIPM:mudeWrNzZtTIe2Ol0cYAlIP

Score

10^/10

rat cs82 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

cs82

Decoy

rolova.app

osramhidchina.com

kancelariaderewicz.com

lexysalvago.com

spillingink.xyz

gx128.xyz

2tgxb.com

digitalbirch.com

12yue-83.xyz

mil916.vip

jaulcappearcount.store

8xb466.com

gdscsrcasw.club

cleaning-services-86033.bond

meshwebdesign.com

ajphotographsatx.com

rrav11.store

buzzferd.com

kneegenix.com

rentalriverside.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3140-9-0x0000000000400000-0x000000000042F000-memory.dmp

Files

3140-9-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB