formbook | 3048-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3048-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

9fe7a13d2caa6e333cb0cf121b1d7ae0
SHA1

dce173095949b14ff5a479636b4ebf160c829f8b
SHA256

7708e599eb5d13bd8c2808db0b025f38de11ffb7a23e1400bfaffbaa79ca7aed
SHA512

b0bc02dcc386c6259055917ee66c6d2daf3a15ef4660ebded4dd21e86492628f481cf5ddb8dcff32b5b2aab6172e6904651f9a2c7a83165faba7c4f2c0c401b6
SSDEEP

3072:OjBX1EGQqMxf43iWY0x4hLuG55i6Bn+QAQHK4/Cm34lPLQd4ImsfDKT:y22ij0SSG5M6BR7HKu4p0NB

Score

10^/10

rat se62 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

se62

Decoy

wkb41961shv.com

bdsxm.com

renovationslandscaping.info

qhsmgysm.com

fetbody.com

injured444.live

teensfeel.us

zi59wp1h.com

dfrtrucking.com

16milevet.com

patternzi.com

homeinsectcontrolpros.com

alcosa-peru.com

rmicompletesolutions.co.za

nnhealthhk.com

fitversus.com

hgxaf155.com

hizlitakibin.com

kjhwbk.top

gokarpemed.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3048-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

3048-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB