formbook | 2696-30-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2696-30-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

00d788b363028ff5b6ef7387dd90518f
SHA1

fceaa36e1b23c95d66a5ae6a350af5772c0916b5
SHA256

bcb64bdb121231d14d58ca0f7dfbe02f14482e1140393bb43436bfeff894cf38
SHA512

6d6c2ca526f9b1b12b487f18bb0634315d0361f797c37d00210756ab0e566e85398aeeb681cbc57eef87d3a53cb0606f0a10774cae55633584af37e83e0d4299
SSDEEP

3072:iS28gEJIugehuu433is4VMIma6y5vQU6qg5r0QSoMpQGuOpCJeFVwvl:VIuz4HitV2a95vgH5r0QSoHevLCl

Score

10^/10

rat rn94 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rn94

Decoy

st68v.xyz

conciergenotary.net

qwechaotk.top

rtpdonatoto29.xyz

8ad.xyz

powermove.top

cameras-30514.bond

vanguardcoffee.shop

umoe53fxc1bsujv.buzz

consultoriamax.net

hplxx.com

ndu.wtf

yzh478c.xyz

bigbrown999.site

xiake07.asia

resdai.xyz

the35678.shop

ba6rf.rest

ceo688.com

phimxhot.xyz

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2696-30-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2696-30-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB