formbook | 2292-4895-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2292-4895-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

cb5c3e87dc2faee7d76fea11fcb54867
SHA1

1d9f9349dbee7a6ce54e3d87b5c2e05bf91c42d6
SHA256

49081f74e3919752a073fa85036dd2ac569a6b3369ee49945e8f4663e4cf5cf1
SHA512

2beaab470fb034a1f2aa508c1fa8e8ddfa31fc5042c61346a9f2fadb6ed399f7703251d00b3fee6d91fb676004a1160c4dc6dac5d6edf4b2c9f9053a7cacb490
SSDEEP

3072:jCnDk/VeHytFwXE39tn4uxftaq7BUdbqfH/4nmFlxiQRFEPoyTqvtIZMsVN6:deeYq9t4Caq7BKbqff4neiHQ0ZL

Score

10^/10

rat sr62 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sr62

Decoy

pizzaperol.com

brooklynlearningstudio.com

legendlearningacghy.net

xtlg3i19o7czkv4.buzz

outdoorsproducts.xyz

nissanthanhhoa.com

mtviewproservices.com

tichris.com

monopolygo.llc

engagemaxmail.com

supremeinsure.com

2018b7.com

tedxkarunyauniversity.com

vaishnaviyoga.in

goddessoffetish.com

dazewu.com

844385.autos

caluxio.com

restaurantlataberna.com

charlieahunter.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2292-4895-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2292-4895-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB