formbook | 4172-341-0x0000000010410000-0x000000001043F000-memory[.]dmp

General

Target

4172-341-0x0000000010410000-0x000000001043F000-memory.dmp
Size

188KB
MD5

c307898aacbd7a096dee69cc3e11f333
SHA1

b895d6b8e40ec2c86664f5747b39c97906fd7af5
SHA256

328521dbb092e91b2b1f394e41cc874508c73b83130b82c5d2455974aa4643c2
SHA512

bbe9003313f0b574c8812850d672e9ebd3efeb95b9c216311be76cf6cb88a4ac86f338bf8486cb97cd2dd8650090895b9638bc1d032f8e45989a771e159eb8c8
SSDEEP

3072:887lFrqk/kSACJVPdm8s0WM0r2aNcjsZD4eSl2V6cOWOg7JR31Hz:/6k/Dzm8ZhtaNcjN2gGRd

Score

10^/10

rat ges9 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ges9

Decoy

lolofestival.store

amzin.info

pulsahokii.xyz

bahiszirve.com

animekoe.com

kansastaxaccountant.net

howgoodisgod.online

medakaravan.xyz

pesmagazine.net

americanpopulist.info

nepalihandicraft.com

mariabakermodeling.com

cavify.top

onlinewoonboulevard.com

furniture-22830.com

ophthalmicpersonneltraining.us

yz1204.com

extrawhite.site

tomo.store

martfind.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4172-341-0x0000000010410000-0x000000001043F000-memory.dmp

Files

4172-341-0x0000000010410000-0x000000001043F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB