formbook | 2392-11-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2392-11-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

e4254eb2d441001dbd47900726dc00a4
SHA1

cbfebf4aaf4e7a5d3cc18c8b8ed727a1c2ecda28
SHA256

058abd29a541b803264fca45fd596c3d1532d29969b3469d7dde4b5cff7b234c
SHA512

5d54dc889e63e0e966abce713749df0e3ec9710b5edd912409e8efa7c15a56cefd027c1014ffe57ecbf5733d44170e968442c9a05aaed7c380b46f47798ace19
SSDEEP

3072:XRrP8vkE7oi/2mIz3+7UBwlavchwB34R8T46uUiwC0YB:BSXIb+Aylavchwc8T5uUUB

Score

10^/10

rat se63 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

se63

Decoy

socratesandhisclouds.com

versioncolor.com

ytcp011.com

908511.vip

egysrvs.com

ky5682011.cc

kkuu14.icu

wavebsb.com

klikadelivery.com

jnbxbpq.com

5o8oh.us

hemule.net

techinf.xyz

bevage.club

we37h.com

tipsde.shop

48136.vip

bestcampertrailerbrands.com

fairmedics.in

quixonic.tech

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2392-11-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2392-11-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB