formbook | 2492-12-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2492-12-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

98dd6dfa5cc3cc422a39d149ff006fa0
SHA1

c907e09f13c012788fb6470c7b1b6502a6955dd8
SHA256

29792463746f397119a6552276f281d1e6bf32695dd9f03bdf988fa0bd4e2b3c
SHA512

ce449727ffc91c9a7cc9576fcdb017c61f667b6b0bcaee4912b8b8c8e29abeea27de70e4537c09094abcbaecd4d4c0684f9036877338c6aac217e76993d42967
SSDEEP

3072:0PB5PbEkHKVMil3wWYYyK6P83VEdr9cwkA6zliF:0xUJwnYD6P83VxwktEF

Score

10^/10

rat mx21 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mx21

Decoy

mexiwow.com

oneightycreative.com

ask2fairplay.com

innovativeindustires.com

orderhypnosis.com

qualitycriticalcare.com

scalestarloop.com

francostamales.com

immortalgameclothing.com

kccapcc.com

pauruiz.cat

eddyindyman.com

yourarchivedfashion.com

plantpoweredpodiatrist.com

silvekoski.net

ketoapuwarabson.cloud

themooncartomanzia.com

ikjd7v.cc

listmyhousefast.com

owl3.net

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2492-12-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2492-12-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB