formbook | 2804-31-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2804-31-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

e9e9207dc0f788b2b30494e05e276194
SHA1

c58fde075774b403ca497aee4b505f7de4d04b3b
SHA256

135f279a551d12decf71cdeae27acb54fd6954bc2cc918e5d132fab93fc40bd6
SHA512

1637d2e0b742ecde1a2c5017267cd5143bbc174559d710f4ff39e91c9072cdfda580666078a64104ec2e80ba335d808598309317d4f10d20ad805b84c65fb7a6
SSDEEP

3072:C1y9AEFkQ1TERbP3YDGWutriJqbDvfVu2w1znXgrGoQKGzhP:C1yV6PYaWfqbDvfI2wFXXoQKGzh

Score

10^/10

rat ss94 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ss94

Decoy

limitedbrainspace.xyz

salesgameindia.com

a3bgat0p.top

lkkjg.com

eudaimonic.life

khuahamiksai28.pro

vote-buildoneigen.app

9q2zkc.xyz

kanav.shop

kjsdhklssk58.xyz

liuzhu2.com

thegodtate.xyz

797webuy.com

huffandpuffers.net

2222233p6.shop

taksaritraders.com

090987654.com

magodelmarketing.com

purerevitalizeltd.com

wr44.top

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2804-31-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2804-31-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB