formbook | 2504-10-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2504-10-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

10da4a342fa4cbca044dfa304bb84640
SHA1

dc43cfe424ab2080b38ee7099c9b78d2f29de739
SHA256

6754b5963bba07e441cf02a860634096688c96e1b2adfed271decc15c37ea277
SHA512

d7183daccb0803afaefe864a9b1ddf48c4d1764ac4dc314205d272e8493cde0b5402c2cde44c11300f131f03d8a73d3199a328b6f35e089573269174c13f78ae
SSDEEP

3072:fuc69FxST/FBBRWfD83yGvuVrz7Fhbc40cBp3csvZE/94nGN:AM+fDqbWrz7FhvBp3cdFim

Score

10^/10

rat 38gc formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

38gc

Decoy

fgoz3kry51.asia

vanishingacthairremoval.com

onlinelearningsandbox.com

feluca-egypt.com

goforsourcing.com

hairmadeperfect.com

brockspaydayearners.com

vintagetoj.com

tjandthecampers.com

emkanelajiehes.com

bestundersinkwaterfilter.com

proatta777.com

satuslot.beauty

nicolesbodybutter.com

montecarlogallery.com

homeautomation.one

cx-n1.ink

spennys.casa

gaozgn.cfd

hakajimai.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2504-10-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2504-10-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB