formbook | 3048-24-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

3048-24-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

f798abdc6f80761ee55c62de6faad8c0
SHA1

737ba4433bce7cf230ea2a3b6a21e5ede366cf40
SHA256

e9a741eca2713da2bd4daacaf0a52dadb5ea3bcbdc76dd82f013b57c2d5430e8
SHA512

46e108d0a345c6d943043f33ea4333f2adb51c1f1dc5e137bdf8ca0a02972073c0fb9a6b7ab937ed9d946a9dcd19928bfd65805cbdf45ceb5a1e29bba2ccadf7
SSDEEP

3072:g28CDkmHf5GoA2G3gkHXVrEA4614EDDLHLE1RIf0oJ2yIRDsZNKSWr:giftwg2FrEX614EDDHOZoUySC2

Score

10^/10

rat dk07 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dk07

Decoy

reclam.xyz

parchmentmediaadd.com

gaolibai.site

menage-exclusif.com

ceremoniesbyjade.com

5663876.com

take3.xyz

environmentaladvocacygroup.com

fp38z.rest

elektro-vlasic.com

bollybytestv.com

udfunsd.cloud

studiomiraiarq.com

e-commercebrasil.shop

sansiddhiedu.com

draaronroughan.net

24angel.com

rjh-equestrian.com

22db3rgdg6a73pea7.vip

mintygreen-wellnessportal.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3048-24-0x0000000000400000-0x000000000042F000-memory.dmp

Files

3048-24-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB