General

  • Target

    2172-11-0x0000000000400000-0x000000000042F000-memory.dmp

  • Size

    188KB

  • MD5

    7140c2bb93b2a810495c1df750057607

  • SHA1

    d1f5f3c568652b5d91346cc42c64bc0db125b594

  • SHA256

    feb4cce7449fbbd8a25352e81ed5886c7818598c1fa6f96ff70bbe8a071cbab9

  • SHA512

    af9227cc34982e6c1d3e91933e85444cb91fb48d68b04aa22f074f0081e25e4a26ef816ef6fcb899e473c7783c765391184e4bef9f2a99187e33e24b15f1da4d

  • SSDEEP

    3072:7hnn7kzMRq9Hnt3eS3Cr/q14eO35604+ImiGVijQjw48cyiXVo5DsuQ:7vEheQgq14es6FAGcym6m

Score
10/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ph01

Decoy

Signatures

  • Formbook family
  • Formbook payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2172-11-0x0000000000400000-0x000000000042F000-memory.dmp
    .exe windows:5 windows x86 arch:x86

