formbook | 352-21-0x0000000000400000-0x000000000042A000-memory[.]dmp

General

Target

352-21-0x0000000000400000-0x000000000042A000-memory.dmp
Size

168KB
MD5

ea1f87d884f7e1725703253f44421685
SHA1

149fc6aab754a3b0b9aaabc622b551f6535367e0
SHA256

416d47cae8553f65b0a304ad2414f6d6dec0b9dd273ca56c84967b624c7b57e8
SHA512

4f23fc415f33e6f1124494fe464f4031d3c749c1b84c1ed01c0b6c513e1068e22c3de93673067524623f90abf122afa0fab8bde789f49f25af4728d989c7d7b0
SSDEEP

3072:uira2cYeBwABNWkLVU8CmXVgG+g4aLkOpK//u1eURptjvrZKrxUuB/tZyJ:utAeBthU8BXVgzg4aLU+7V6xbB/tZyJ

Score

10^/10

rat ow formbook

Malware Config

Extracted

Family

formbook

Version

3.9

Campaign

ow

Decoy

piavecaffe.com

jlxkqg.men

lifesavingfoundation.net

karadasama.net

michaeltraolach-macsweeney.com

thunderwatches.com

serviciocasawhirlpool.biz

c-cap.online

itparksolution.com

clarityhearingkw.com

wpgrosiri.date

colemarshalcambell.com

webperffest.com

adjusterforirma.info

buildersqq.com

spiritualwisdominindia.com

111222333.net

traditionalarabicdishes.com

hmlifi.com

receive-our-info-heredaily.info

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
352-21-0x0000000000400000-0x000000000042A000-memory.dmp

Files

352-21-0x0000000000400000-0x000000000042A000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 163KB - Virtual size: 162KB

.text
Size: 163KB - Virtual size: 162KB