formbook | 2540-267-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2540-267-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

9456bbb0dd97810b17c769067d23ab89
SHA1

3e557213d912cdf9b725c946b11d49f645980ae0
SHA256

a0a0f4fa143b8a72143de92b1f981e37cab41b5209c6ff1fcd04ded91ab996a9
SHA512

84eda571c35e6bcb9aae9136c91b0af1c792c16148878436bd16bfeee37082d0cd3f728ded7fb93968cfed57c0568325e39b35b3ea49c3a6ceca86ea189e7100
SSDEEP

3072:2HscDFrb/d3zQ/0RTUcASZHhpV66shaDxI81FIpivCbJjTet:NcJ/ekUcbZHV66shaDiMvCbJTet

Score

10^/10

rat ht3d formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ht3d

Decoy

derlon.net

46gem.vip

bridal-heart-boutique.com

porarquitectura.com

durkal.online

9916k.vip

nativegarden.net

hoodjac.com

coachwunder.com

jutuowangluo.com

frankmontagna.com

jalenx.com

yhxg.net

brasserie-bro.com

whitecoatprivilege.com

sigmadriving.com

inhkipcmacau.com

freediveexperience.com

52iwin.com

aaditt.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2540-267-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2540-267-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB