formbook | 2620-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2620-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

bc630097fc9d139ce81aae686e5f5bdb
SHA1

7af7ac4b0560ca6c270586832c6aa9d7bb58c6f8
SHA256

52cea5ccd66d72696a2629012aa96a0db1e8e3be5ba0c628f19cf473f90f10ef
SHA512

836e2522be54a40f4ee0ed4aafcfa010c568d6a93c5a7745f54da3130260bdc0a5b211fcfb3c55ab85795ab442610779760137b8c7f7fb5c0f60c2fe8c3ec3d0
SSDEEP

3072:7xEUkOmDbSNE3OIF1KLaA6i/hVlrQ7Rj4+aYS7JSWoE:NfqO81KaA6ipvaXh

Score

10^/10

rat kh11 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

kh11

Decoy

theluckypaddle.net

assurelinkenterprises.com

gazpachogroup.com

worxservicesllc.com

bestecankurban.com

cotebrief.com

899173.com

navist.io

metaverseharem.com

genpower-plus.com

drhandgrip.com

jessicachristina.com

eidura.com

cat2000andhope1izfanfiction.com

nywaiverlatam.com

cdlb9twt.shop

j2mjewerly.com

itsmisshodges.com

timeis.shop

santefe4g.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2620-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2620-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB