formbook | 2532-12-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2532-12-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

a706cc42a0239adf5d45461382f34773
SHA1

46cff98407f17988b02f7331a62b8f17988e336d
SHA256

ef25ca972778ecb0b7be6fa1553f24721852e4ec30cd27adb5e59023dd76b2cf
SHA512

1c1418edf2586f0c335c38bd1a22fb1bf04f59001112197e368b4c0d2fde375067a5c51699ad8b4d8bd3d0dbb396f1b604045ec43b215f0d9403d88102dc3598
SSDEEP

3072:PmUHkiWHJoLJi38/sfn6aJ6klxyCRJ31kWfmMVP9DG4o:u+U8EiaJ6klxBJN+MVP9q4

Score

10^/10

rat dz25 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dz25

Decoy

sdw123.com

theflower-jeju.com

bigbargins.shop

xn--grsdetetizao-dcb9c.site

visionprobiz.com

ebruunalsigorta.xyz

51tree.net

tommeynadier.com

spx21.com

researchupdatehub.com

rserveohio.com

schemaconsultant.com

ec-peleti.com

songkokgelhq.shop

sixfigureswithkarah.net

quickfinancebrokerage.com

alliance-couverture.com

heartlandinnovates.com

art-friday.online

curi-o-rama.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2532-12-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2532-12-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB