formbook | 2528-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2528-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

7fad72aba0c03e24573515290abf828b
SHA1

0a309f958f94a5bd0534e56c7577cfdecf62c727
SHA256

61b17fc8011ac422d7737a297b5036ba3ff18e3dc4fffd06195d957a0f69ee38
SHA512

2f168f3edebb77aa329fb06f158bca390b411561364a317852aea931dcb44fd97e04c59093e4ad69c3d250c7ac0078ac9e6e2c81fb60d93f43828f7991ac87be
SSDEEP

3072:5brEFsMkES8nnM3dOELG06gp06trqk8ywJhov5iRU:22snejLG06V61qk8ykho8R

Score

10^/10

rat fd05 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

fd05

Decoy

rancangrumah.com

liposuction-54947.bond

9smp.studio

tranquilos.club

slknb9x4.shop

huidvh.xyz

59638.bet

611422.cc

gurdwarakaramsar.com

level42data.com

remedydx.com

aagmal.pro

aicertifiedpro.com

reeoumcuoarriron.shop

syrianphotographers.com

findasideproject.com

frontierconnects.co

cliphothomnay.top

vbywehjri3.top

hydrogenwaterbottles.co

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2528-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2528-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB