formbook | 1520-10-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

1520-10-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

7e06331cb1501b4cf06efcd8443f4f46
SHA1

226963be1da014f24245c3bb5886abb3a3b50152
SHA256

a198051a27500bb9f0f729a5e8712154736d458b6ebea7c4e29d73f580dd3a82
SHA512

eaa87813ed95d7cecd810b4fcd0b13590e1a5d1c4e8732a020c46d6c63616a93f258a4ed9fee6f760b87d8398f43f0da1642c9b319de8b57202ad6374fc6345f
SSDEEP

3072:qP5EF8K+Iro3Zc64BrajJYv3ZS9o/XwMTNQ2qKBfb:ThmZvKajJYv89UNBQ8B

Score

10^/10

rat sy52 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy52

Decoy

wxxj.asia

emu-oil.online

theprogressiontalks.com

saigonvape.com

cb257.pro

inucana.com

xn--pdr89n.vip

vtc.bzh

connexionsink.com

mastersofthevibes.com

mallsetuae.shop

bellaandbling.com

wagi88.one

273618.bid

japanvietnam-mall.com

lkd1t.rest

oflgjgiq.xyz

calliblography.com

idz8u.vip

marrybears.com

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1520-10-0x0000000000400000-0x000000000042F000-memory.dmp

Files

1520-10-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB