formbook | 3896-12-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3896-12-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

8a9b5555013f320a5ab4ed24dbc35887
SHA1

ea32dc8a626c9b956193c484b6158641fde1ea48
SHA256

84dce33972749e74b16cc550d607c59e288d415d255280e6288bc8bd1a856d65
SHA512

f080535ad14eae1a591e3431651f7809696be8e526f568fa920fbbf8dfa2d8ac19ac596733f64aa06e363a4b1dbb10f3ab02bbf0372402c2ad4e3ae582569a34
SSDEEP

3072:qhtMqR6E0TARE3fWw3C2II/5h+Ku4y2KcGOwXYeGFjMAAFQUIWWdRDwu1:qaTI+CDI/GKu4vKoMAfWWRj

Score

10^/10

rat mw62 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

mw62

Decoy

abpdainik.in

luxuryprojectmalad.co.in

cajunbellebeauty.com

fpmfstudios.com

spedyz.shop

wilddogphotographics.com

apollomoda1.com

evrimciftciportfolio.com

99977bet.com

inefavel.com

mf85.com

online-doctor-nl-1.bond

zqi2lv.vip

thewebdesignhub.co

botwitter.com

18comic-palwoeld.club

loveweldpermanentjewelry.com

l3er39pc-gaywn6kv-d7fs4t7u.cc

31yoyogamestudio.com

yhvh.cloud

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3896-12-0x0000000000400000-0x000000000042F000-memory.dmp

Files

3896-12-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB